Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FRST Logs - issues flagged


  • This topic is locked This topic is locked
17 replies to this topic

#1 PhilLatterly

PhilLatterly

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 10 September 2017 - 06:22 AM

boopme said in another forum that Chrome is trying to access a website so recommended that I post this here. Thanks, boopme. 

 

Here is the original FRST log which flagged-up the issue:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Asus (06-09-2017 13:09:16)
Running from C:\Users\Asus\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-07 12:35:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2960247526-2325433752-1066332616-500 - Administrator - Disabled)
Asus (S-1-5-21-2960247526-2325433752-1066332616-1001 - Administrator - Enabled) => C:\Users\Asus
DefaultAccount (S-1-5-21-2960247526-2325433752-1066332616-503 - Limited - Disabled)
Guest (S-1-5-21-2960247526-2325433752-1066332616-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.140 - ICEpower a/s)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.6.3029 - AVG Technologies)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
FMW 1 (HKLM\...\{F64508FE-73C8-4C27-9CCA-3799C428B70B}) (Version: 1.223.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4462 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7667 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-09-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-12-10] (Foxit Software Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-09-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16E778BB-0135-4D4D-AAC6-4E88B3625372} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {28259474-BB8F-442F-9D8A-BD4D731FB2A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {2BD2695C-9215-43F3-B10A-6C916E9CE21C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-23] (Realtek Semiconductor)
Task: {33F73AEC-65C2-4A7F-AF5D-EBE7A40EF155} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {39018092-AE06-4E26-B25D-04343F68DF09} - System32\Tasks\Opera scheduled Autoupdate 1495794822 => C:\Program Files\Opera\launcher.exe [2017-08-14] (Opera Software)
Task: {39CD21EB-35CB-4512-AA79-269F27FC6E2F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-26] (Dropbox, Inc.)
Task: {3F63C3BF-16DE-448E-8EA2-2F461374DEE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {40C16C89-5B22-4B8C-9C81-473B802B8152} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-26] (Dropbox, Inc.)
Task: {43795A46-1FF9-4A31-981D-30CB8AC007EA} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2015-04-29] (AVAST Software)
Task: {5365D1B5-E050-4D5E-B386-8A29115A0649} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {62B24D5D-235A-4E36-865C-51B50C84E6CC} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-18] (AsusTek)
Task: {6430CC72-EBF8-4F8C-AF87-2CCE1878ED23} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {6FC58DFB-4A3E-4FAD-8AF4-9436A7E9C509} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {751032FB-518B-42B1-84EC-DAFF4695A73D} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {7850B879-5E1B-476A-B991-9C03A2657D77} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {7C491CC3-A7EB-44B8-90A9-0690098639ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {A062F24A-ED41-40A2-BBB2-89820E031FEC} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-23] (Realtek Semiconductor)
Task: {A2AB61D5-D872-47C1-967A-EAD1E3C91A7B} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
Task: {AFA22716-C4BA-4686-9DA5-DE718D3639B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {BD7E9235-D6FD-45F3-8296-11EF58CB3323} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-09-05] (AVG Technologies CZ, s.r.o.)
Task: {C068958E-CE60-4AAD-BCA1-07F85FA70DBA} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {C309701D-993F-4B7D-BBDC-D1585BDBA587} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {D2752DCE-A1E9-4270-9538-4EBB314E8BB9} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-12-02] (ASUS)
Task: {D3DC6BC7-D16A-43C0-8A56-06919FFC6417} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D5BD7C62-99DC-423E-8165-EBF05A21819F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-07 19:42 - 2015-04-29 18:04 - 000445240 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2017-09-05 10:09 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-01 23:05 - 2016-11-01 23:05 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 21:59 - 2017-03-20 04:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-09 03:33 - 2017-06-09 03:34 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-25 07:53 - 2017-08-25 07:56 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-08-25 07:53 - 2017-08-25 07:56 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-05 08:58 - 2017-09-05 08:58 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2017-08-28 23:33 - 2017-08-23 09:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 23:33 - 2017-08-23 09:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2017-05-26 11:39 - 2017-05-26 11:38 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-09-05 08:58 - 2017-09-05 08:58 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-09-05 08:57 - 2017-09-05 08:57 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-07-04 09:04 - 2017-07-04 09:04 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-09-05 08:58 - 2017-09-05 08:58 - 000213024 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-09-05 08:58 - 2017-09-05 08:58 - 000243080 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-09-05 08:58 - 2017-09-05 08:58 - 000686808 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-11-07 19:42 - 2015-04-29 18:04 - 038561984 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1FB184D-668D-41A4-9F5A-076FAAFCC8C1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{BA1AFFE5-004C-480D-86C2-4605D036DCD9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{BD298078-E3C8-4AEB-BD73-D58C0D6845B3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E927C41A-9BF0-4259-B9E0-8B7B1570449E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{97471493-F33B-4D83-9779-7816B3A596CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A6D932F2-78BF-45F3-A0C2-1DD9C5341971}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B51601E2-B10D-4327-AE6C-4F475F92CAD4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{758D054B-9FA2-42FE-B36D-18B365AD32D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C08A187C-377B-4D17-9C3F-24F00D7F8811}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
FirewallRules: [{6662C383-4380-41D8-9E50-F46F355B7356}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3BDC0192-C57D-4CD1-B837-165D3E451DC9}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe
FirewallRules: [{6F7810D0-4BB3-4B4C-983D-5581A322CFA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-08-2017 13:21:53 Scheduled Checkpoint
04-09-2017 13:31:25 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2017 07:35:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000409
Fault offset: 0x00000000000aa020
Faulting process ID: 0x1c7c
Faulting application start time: 0x01d31de2f806188d
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 7f4057e8-38e6-4006-a863-7c7199e2fba8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/25/2017 09:44:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MJDI0UT)
Description: Activation of application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/25/2017 09:43:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000409
Fault offset: 0x00000000000aa020
Faulting process ID: 0x1e88
Faulting application start time: 0x01d31be0d781daf7
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: e626625f-9628-4af9-ac74-04fd3ea352c9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/24/2017 11:46:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MJDI0UT)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 11:20:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MJDI0UT)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/20/2017 07:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
Exception code: 0xc000027b
Fault offset: 0x00000000004434af
Faulting process ID: 0x1bf8
Faulting application start time: 0x01d318b712f19e1f
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 60dfbe3c-4940-4fd7-9eb2-6064e1ae66ef
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (08/13/2017 04:45:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MJDI0UT)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/12/2017 11:03:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MJDI0UT)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/10/2017 06:20:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e
Faulting module name: MtcUvc.dll, version: 10.0.15063.447, time stamp: 0x5948ade2
Exception code: 0xc0000005
Fault offset: 0x0000000000015b58
Faulting process ID: 0xbec
Faulting application start time: 0x01d311a60c75d5e6
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\ShellExperiences\MtcUvc.dll
Report ID: 6607c88b-b46b-4742-b0da-a4a623bcd054
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (08/09/2017 01:29:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MJDI0UT)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (09/05/2017 10:03:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/05/2017 10:03:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (09/05/2017 10:03:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/04/2017 10:52:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MJDI0UT)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (09/03/2017 11:15:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MJDI0UT)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (09/03/2017 07:56:49 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address F8-3D-FF-62-06-83. Network operations on this system may
be disrupted as a result.
 
Error: (08/31/2017 07:37:06 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address F8-3D-FF-62-06-83. Network operations on this system may
be disrupted as a result.
 
Error: (08/30/2017 10:58:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MJDI0UT)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (08/30/2017 07:35:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/26/2017 07:07:30 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address F8-3D-FF-62-06-83. Network operations on this system may
be disrupted as a result.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-07 14:22:56.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Asus\Downloads\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-07 14:22:56.401
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Asus\Downloads\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-07 14:22:56.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Asus\Downloads\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-07 14:22:56.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Asus\Downloads\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N3050 @ 1.60GHz
Percentage of memory in use: 54%
Total physical RAM: 8098.16 MB
Available physical RAM: 3668.18 MB
Total Virtual: 9378.16 MB
Available Virtual: 4900.07 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:930.75 GB) (Free:872.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (WALKMAN) (Removable) (Total:3.45 GB) (Free:0.34 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 639B72F4)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.5 GB) (Disk ID: 0049C3BC)
Partition 1: (Not Active) - (Size=3.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 PM

Posted 11 September 2017 - 08:22 AM

Duplicate.
The topic will be closed.

#3 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 11 September 2017 - 01:55 PM

Hello nasdaq, Malwarebytes is still blocking outward connections, what steps shall I take?



#4 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 12 September 2017 - 06:03 AM

I have only 6 days left of the free MWB trial to block outgoing connections so this hopefully needs to be resolved before then. :-(



#5 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 12 September 2017 - 07:04 AM

Here's the last 3 connections blocked:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 9/10/17
Protection Event Time: 9:55 PM
Log File: 528c64aa-966a-11e7-8e7b-704d7bc3e7c3.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2727
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: thumb.ibb.co
IP Address: 104.27.127.62
Port: [51608]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 9/10/17
Protection Event Time: 9:55 PM
Log File: 536e13e6-966a-11e7-9e5f-704d7bc3e7c3.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2727
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: thumb.ibb.co
IP Address: 104.27.127.62
Port: [51609]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 9/10/17
Protection Event Time: 9:55 PM
Log File: 5380d8be-966a-11e7-91ed-704d7bc3e7c3.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2727
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: thumb.ibb.co
IP Address: 104.27.127.62
Port: [51610]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 PM

Posted 12 September 2017 - 09:33 AM

I have added the FRST log found in an other closed log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2017
Ran by Asus (administrator) on DESKTOP-MJDI0UT (10-09-2017 12:09:52)
Running from C:\Users\Asus\Downloads
Loaded Profiles: Asus (Available Profiles: Asus)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Asus\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [289248 2017-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-24] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-05-26]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2016-11-07]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{60ba6940-ac27-4fae-9cfd-5282298301f2}: [DhcpNameServer] 10.66.72.1
Tcpip\..\Interfaces\{fc08b889-c124-4cd0-9953-40f8e1c50054}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=chrf-iryus&type=ypi_znlrm_00_00_ie
HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2960247526-2325433752-1066332616-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2960247526-2325433752-1066332616-1001 -> {8BBDCA1D-D912-4714-86C6-C7E1BB6505A4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=chrf-iryus&type=ypi_znlrm_00_00_ie
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=chrf-iryus&type=ypi_znlrm_00_00_chr
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Google Slides) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-27]
CHR Extension: (Google Docs) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-27]
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-27]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-27]
CHR Extension: (Adblock Plus) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Google Sheets) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-27]
CHR Extension: (HTTPS Everywhere) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-28]
CHR Extension: (Yahoo Partner) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpacaholihkepnhgeeiipghhgonbhdfb [2017-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpacaholihkepnhgeeiipghhgonbhdfb] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Asus\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-08-08]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [276328 2017-09-05] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7502936 2017-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-24] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-26] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-04-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-18] (ASUS Corporation)
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-09-05] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314128 2017-09-05] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-09-05] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-09-05] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-09-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [140192 2017-09-05] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-09-05] (AVG Technologies CZ, s.r.o.)
R0 AvgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-09-05] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008800 2017-09-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [583288 2017-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [191720 2017-09-05] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [353744 2017-09-05] (AVG Technologies CZ, s.r.o.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7402992 2016-11-01] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-09] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 12:09 - 2017-09-10 12:09 - 002396160 _____ (Farbar) C:\Users\Asus\Downloads\FRST64 (3).exe
2017-09-10 12:09 - 2017-09-10 12:09 - 002396160 _____ (Farbar) C:\Users\Asus\Downloads\FRST64 (2).exe
2017-09-07 18:57 - 2017-09-07 19:01 - 093995272 _____ C:\Users\Asus\Downloads\afu (8).wmv
2017-09-06 13:09 - 2017-09-06 13:10 - 000032369 _____ C:\Users\Asus\Downloads\Addition.txt
2017-09-06 13:05 - 2017-09-10 12:11 - 000021451 _____ C:\Users\Asus\Downloads\FRST.txt
2017-09-06 12:57 - 2017-09-06 12:57 - 002395648 _____ (Farbar) C:\Users\Asus\Downloads\FRST64 (1).exe
2017-09-06 12:55 - 2017-09-10 12:09 - 000000000 ____D C:\FRST
2017-09-06 12:54 - 2017-09-06 12:54 - 002395648 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2017-09-06 11:02 - 2017-09-06 11:04 - 093995272 _____ C:\Users\Asus\Downloads\afu (7).wmv
2017-09-06 11:02 - 2017-09-06 11:02 - 007833778 _____ C:\Users\Asus\Downloads\afu11.wmv
2017-09-05 11:42 - 2017-09-05 11:42 - 000000679 _____ C:\Users\Asus\Desktop\MWB 2.txt
2017-09-05 11:41 - 2017-09-05 11:41 - 000000679 _____ C:\Users\Asus\Desktop\MWB 1.txt
2017-09-05 10:11 - 2017-09-05 10:11 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-05 10:10 - 2017-09-09 19:02 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-05 10:10 - 2017-09-09 19:02 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-05 10:10 - 2017-09-09 19:02 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-05 10:09 - 2017-09-09 19:02 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-05 10:09 - 2017-09-05 10:09 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-05 10:09 - 2017-09-05 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-05 10:09 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-05 08:58 - 2017-09-05 08:58 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-09-03 08:19 - 2017-09-03 08:19 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-08-31 09:33 - 2017-08-31 09:33 - 007249785 _____ C:\Users\Asus\Downloads\afu05.wmv
2017-08-28 10:07 - 2017-08-28 10:10 - 118859623 _____ C:\Users\Asus\Downloads\afu (6).wmv
2017-08-23 21:31 - 2017-08-23 21:31 - 001040896 _____ C:\Users\Asus\Downloads\VI-15-08-2017 (2).xls
2017-08-23 21:31 - 2017-08-23 21:31 - 001040896 _____ C:\Users\Asus\Downloads\VI-15-08-2017 (1).xls
2017-08-23 21:25 - 2017-08-23 21:25 - 001040896 _____ C:\Users\Asus\Downloads\VI-15-08-2017.xls
2017-08-23 15:38 - 2017-08-23 15:38 - 008174615 _____ C:\Users\Asus\Downloads\afu10.wmv
2017-08-11 15:21 - 2017-08-11 15:21 - 000088760 _____ C:\Users\Asus\Downloads\Osborne.jpg-large

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 09:08 - 2017-07-07 12:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-10 07:52 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-10 07:47 - 2017-05-26 11:11 - 000000184 _____ C:\Users\Asus\AppData\Roaming\sp_data.sys
2017-09-10 07:46 - 2017-07-07 12:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-10 07:46 - 2017-05-26 11:11 - 000000000 __SHD C:\Users\Asus\IntelGraphicsProfiles
2017-09-09 19:01 - 2017-07-07 13:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-09 19:01 - 2017-03-18 12:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2017-09-09 16:20 - 2017-07-07 13:22 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-09-09 08:00 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 09:02 - 2017-07-26 09:32 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2960247526-2325433752-1066332616-1001
2017-09-07 09:02 - 2017-05-26 11:23 - 000002366 _____ C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-07 09:02 - 2017-05-26 11:23 - 000000000 ___RD C:\Users\Asus\OneDrive
2017-09-06 13:10 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-05 10:03 - 2017-05-26 13:43 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-05 08:59 - 2017-07-07 13:22 - 000004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-09-05 08:58 - 2017-05-26 11:51 - 000583288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-09-05 08:58 - 2017-05-26 11:51 - 000353744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-09-05 08:58 - 2017-05-26 11:51 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-09-05 08:58 - 2017-05-26 11:51 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-09-05 08:58 - 2017-05-26 11:51 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-09-05 08:58 - 2017-05-26 11:51 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-09-05 08:58 - 2017-05-26 11:51 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-09-05 08:57 - 2017-05-26 11:51 - 001008800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-09-05 08:57 - 2017-05-26 11:51 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-09-05 08:57 - 2017-05-26 11:51 - 000314128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-09-05 08:57 - 2017-05-26 11:51 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-09-05 08:57 - 2017-05-26 11:51 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-09-05 08:57 - 2017-05-26 11:51 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-09-04 11:06 - 2017-05-26 11:42 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-09-04 11:06 - 2017-05-26 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-09-04 07:56 - 2016-11-07 19:54 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-03 08:21 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-03 08:19 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-28 23:33 - 2017-05-26 12:57 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 23:33 - 2017-05-26 12:57 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 21:32 - 2017-05-26 11:11 - 000000000 ____D C:\Users\Asus\AppData\Local\Packages
2017-08-17 11:42 - 2017-07-07 13:22 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1495794822
2017-08-17 11:42 - 2017-06-30 11:38 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2017-08-17 11:42 - 2017-05-26 11:31 - 000000000 ____D C:\Program Files\Opera
2017-08-11 14:36 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2017-05-26 11:11 - 2017-09-10 07:47 - 000000184 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2017-07-07 12:57 - 2017-07-07 12:57 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-06 13:35

==================== End of FRST.txt ============================

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 PM

Posted 12 September 2017 - 09:53 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-05-26]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR Extension: (Yahoo Partner) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpacaholihkepnhgeeiipghhgonbhdfb [2017-05-27]
CHR HKU\S-1-5-21-2960247526-2325433752-1066332616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpacaholihkepnhgeeiipghhgonbhdfb] - hxxps://clients2.google.com/service/update2/crx
U3 iswSvc; no ImagePath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

p.s.

Malwarebytes may be protecting you from these attacks.

If the problem persists change this setting.

How do I disable notifications in Malwarebytes Anti-Malware
https://support.malwarebytes.com/docs/DOC-1283

#8 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 12 September 2017 - 04:53 PM

Thanks, nasdaq - just about to go to bed here, so I'll do it first thing in the morning. 

 

Yes, that's what I am worried about - that I am under attack. The popups themselves don't bother me, but the worry about who is trying to do what to the PC is keeping me awake (at times).


Edited by PhilLatterly, 12 September 2017 - 04:55 PM.


#9 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 13 September 2017 - 01:48 AM

The FRST tool download(s) were just saved in the general 'Downloads' folder on the PC. So I opened a New Folder, moved FRST across to it and saved the fixlist as fixlist.txt in that New Folder - is this okay?

 

What I then did was click 'Fix' but am I supposed to Scan first?

I couldn't close FRST once it had started so I did a restart.

 

Hope all this is okay...!


Edited by PhilLatterly, 13 September 2017 - 01:56 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 PM

Posted 13 September 2017 - 08:43 AM


Hi,


If the fix workded you will find a Fixlog.txt possibly in the folder were FRST is parked.
===

The attack is/was from IP Address: 104.27.127.62
Read about it.
https://who.is/whois-ip/ip-address/104.27.127.62

===

If the IP address is always the same we can stop it completely with the HOSTS file.

Let me know.

#11 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 13 September 2017 - 04:00 PM

Hello nasdaq. I am not sure whether the attacks are always from the same IP address. This is what boopme had to say, before:

 

"Malwarebytes is blocking Chrome.exe from accessing what it considers to be a bad site.

Domain: ocofiyymgfyxx.bid
Registrar: NameCheap, Inc.
Name: WhoisGuard Protected
Organization: WhoisGuard, Inc.
City: Panama
https://www.whois.com/whois/ocofiyymgfyxx.bid

Hostname:: ocofiyymgfyxx.bid
Organization: Total Uptime Technologies, LLC
http://ocofiyymgfyxx.bid.ipaddress.com/

IP Address resolves to Total Uptime Technologies, LLC
https://www.whois.com/whois/216.21.13.14
http://ocofiyymgfyxx.bid.ipaddress.com/

Looks like the domain was registered today so it's probably scammers."

 

https://www.bleepingcomputer.com/forums/t/655771/avg-quarantined-something-what-else-do-i-need-to-do/#entry4323389

 

Here's the FixLog:

 

https://www.bleepingcomputer.com/forums/t/655771/avg-quarantined-something-what-else-do-i-need-to-do/#entry4323389

 

How can I get rid of whatever it is that keeps being blocked by Malwarebytes? A little earlier it blocked something called Lp.blpmovies and I only have 4 days left of MWB's free trial - outward connections are not blocked by the standard free version, which is what it will revert to when my free trial has ended. :-(



#12 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 14 September 2017 - 02:53 AM

If anyone can help please chime-in because I am worried sick about this.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 PM

Posted 14 September 2017 - 08:18 AM

Hi,

Did you follow this instruction?

How do I disable notifications in Malwarebytes Anti-Malware
https://support.malwarebytes.com/docs/DOC-1283


If not please do it and let me know if the problem persists.

#14 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 14 September 2017 - 08:25 AM

Not yet - is it better to leave it on, so if I am under attack I know about it, though? What can I do to stop the attacks that are making MWB throw-up the notification?

 

If I had a mallett I think I'd smash this PC!  :smash:  :hysterical:



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 PM

Posted 14 September 2017 - 08:28 AM

Please do what I suggest.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users