Infested with lots of Adware and a few PUPs


  • This topic is locked
43 replies to this topic

#1 Keith_and_a_sandwich

Keith_and_a_sandwich

  • Members
  • 23 posts

Posted 07 October 2017 - 03:09 AM

Hello to everyone on the forum. I had a slow system and a pal who knows a bit more (though not much more!) than me suggested running a scan from a programme called SuperAntiSpyware. I did and it found quite a few things, as indicated above. The log will follow below, but is there anything else I need to do to get rid of anything lurking?

 

Thanks for reading. 

 

:guitar:

 

SUPERAntiSpyware Scan Log
 
Generated 10/07/2017 at 08:50 AM
 
Application Version : 6.0.1248
Database Version : 14021
 
Scan type       : Complete Scan
Total Scan Time : 00:27:20
 
Operating System Information
Windows 10 Home 64-bit (Build 10.00.14393)
UAC On - Limited User
 
Memory items scanned      : 868
Memory items detected   : 0
Registry items scanned    : 48778
Registry items detected : 2
File items scanned        : 23773
File items detected     : 489
 
Adware.InstallCore
(x86) HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\Software\csastats
 
Adware.DownloadManager
(x86) HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\Software\ProductSetup\1I1T1Q1S
 
Adware.Tracking Cookie
.turn.com\rv [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_1185 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrn.com\tuuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.addthis.com\na_id [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mathtag.com\mt_misc [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.undertone.com\UTIDBKUP [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.undertone.com\UTID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mxptint.net\mxpim [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2313 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_1986 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2974 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_1512 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2676 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.w55c.net\wfivefivec [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_1523 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\ses10 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\vis10 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\ses15 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\vis15 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adnxs.com\anj [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adnxs.com\icu [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.addthis.com\na_tc [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tap2-cdn.rubiconproject.com\pux [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2249 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldlab.net\id [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eqads.com\EQUser [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adgrx.com\ADGRX_CM_CASALE_BRIDGED [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyereturn.com\er_guid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.extend.tv\extendtv_user_id [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.owneriq.net\p2 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.owneriq.net\cc [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adaptv.advertising.com\rtbData0 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com\svid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com\mojo3 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sitescout.com\_ssum [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_3876 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2238 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rfihub.com\rud [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rfihub.com\eud [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rfihub.com\ruds [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2596 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com\UMAP [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2309 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2146 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_4884 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_4968 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_2307 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\rpb [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\put_3778 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pixel.rubiconproject.com\rpx [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pubmatic.com\KTPCACOOKIE [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adsensecustomsearchads.com\ACSA [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rubiconproject.com\khaos [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.agkn.com\ab [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.agkn.com\u [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pubmatic.com\KRTBCOOKIE_27 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pubmatic.com\PugT [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pubmatic.com\PUBMDCID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com\CMID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com\CMPS [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com\CMPRO [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
match.rundsp.com\RUN_ID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bs.serving-sys.com\S_22731315 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tag.clrstm.com\tuuid_new [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tag.clrstm.com\tuuid_new_last_update [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.virool.com\exchange_bidswitch_user_id [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exe.bid\session_tptc [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exe.bid\user_id [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\dyncdn [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\pbw [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\pbwmaj6 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com\UserID1 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com\CMST [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com\CMDD [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com\CMRUM3 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adnxs.com\sess [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adnxs.com\uuid2 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lijit.com\ljt_reader [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.contextweb.com\vf [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.geo-um.btrll.com\jncHU6CO [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.btrll.com\BR_APS [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com\ADMARK [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tapad.com\TapAd_TTD_SYNC [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tapad.com\TapAd_TS [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tapad.com\TapAd_DID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.krxd.net\_kuid_ [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tidaltv.com\sync-his [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adsymptotic.com\U [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adentifi.com\adtheorent[cuid] [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.creative-serving.com\tuuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.creative-serving.com\tuuid_last_update [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rtb.adentifi.com\adtheorent[cuid] [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com\__ev_uid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.openx.net\i [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.contextweb.com\sto-id-20480-bh [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rlcdn.com\rlas3 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rlcdn.com\rtn1-z [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bnmla.com\rx_sspurl_38 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bnmla.com\rx_uuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bnmla.com\rx_maxage_38 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bnmla.com\rx_sspid_38 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lkqd.net\p_0 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.demdex.net\demdex [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dpm.demdex.net\dpm [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bluekai.com\bku [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1exchange.com\uid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1exchange.com\mmuuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.contextweb.com\V [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.contextweb.com\pb_rtb_ev [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1exchange.com\ppuuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mookie1.com\id [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mookie1.com\mdata [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.afy11.net\s [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sekindo.com\frcps2017-10-07 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sekindo.com\v8578138 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sekindo.com\froc49159bn [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sekindo.com\frovalbn [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sekindo.com\froimpsbn [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nexac.com\na_tc [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.spotxchange.com\user-0 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adaptv.advertising.com\userData [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adaptv.advertising.com\ctsSegments [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.1rx.io\aj_fp [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com\APID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adaptv.advertising.com\adaptv_unique_user_cookie [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.stickyadstv.com\UID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.stickyadstv.com\sessionId [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bs.serving-sys.com\S_22687427 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com\A6 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com\u2 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.addthis.com\uid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.addthis.com\mus [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exelator.com\EE [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exelator.com\ud [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mathtag.com\mt_mop [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sxp.smartclip.net\dspuuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sxp.smartclip.net\psyn [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sxp.smartclip.net\uuid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adsrvr.org\TDID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adsrvr.org\TDCPM [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gssprt.jp\gid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gssprt.jp\tone [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.semasio.net\SEUNCY [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\Trk0 [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
presentation-ams1.turn.com\JSESSIONID [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.turn.com\uid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.turn.com\fc [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\csync [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dyntrk.com\dyn_u [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\vs [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\pid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www5.smartadserver.com\x-smrt-d [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com\pdomid [ C:\USERS\ASUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
doubleclick.net/.IDE [ C:\USERS\ASUS\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\AC\#!001\MICROSOFTEDGE\COOKIES\QRBB3L7Z.COOKIE ]
 
============
 End of Log 
============
 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:26 PM

Posted 07 October 2017 - 03:37 AM

Hello Keith_and_a_sandwich and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Malwarebytes Anti-Malware

Please download and run the installer for Malwarebytes 3.0.

  • follow the prompts to install the program, (Malwarebytes 3.0 will automatically upgrade Malwarebytes Anti-Malware 2.x to Malwarebytes 3.0)
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the ‘History’ tab, then ‘Application Logs’
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with the next post:

AdwCleaner log
JRT.txt
Mbam.txt


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 Keith_and_a_sandwich

Posted 07 October 2017 - 04:32 AM

Hi Satchfan, thanks so much for your response!!

 

AdwCleaner log:

 

  # AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 07 09:31:13 2017

# Updated on 2017/29/09 by Malwarebytes 
# Database: 10-04-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\Asus\AppData\Local\YSearchUtil
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


#4 Keith_and_a_sandwich

Posted 07 October 2017 - 05:07 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Asus (Administrator) on 07/10/2017 at 10:36:16.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Asus\AppData\Local\ysearchutil (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2017 at 11:05:43.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 Keith_and_a_sandwich

Posted 07 October 2017 - 05:24 AM

MWB found 2 PUPs which I got it to quarantine:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/7/17
Scan Time: 11:15 AM
Log File: 82f03dd6-ab48-11e7-9abb-107b445e6ce1.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.2969
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.351)
CPU: x64
File System: NTFS
User: DESKTOP-LRNV8MC\Asus
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336717
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 44 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [14208], [242047],1.0.2969
 
Registry Value: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14208], [242047],1.0.2969
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Keith_and_a_sandwich, 07 October 2017 - 05:25 AM.


#6 satchfan

Posted 07 October 2017 - 07:28 AM

Hm, not much found there so we’ll need to run a couple more.

Run Zemana AntiMalware

Download Zemana AntiMalware:

  • open the program and without changing any options, press Scan
  • after the scan is finished, if threats are detected press Next to remove them

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

  • open Zemana AntiMalware again and locate the report
  • please paste the contents into your reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Zemana log
Frst.txt
Addition.txt


I am a bit busy and will be unable to reply until this evening, (GMT), so please bear with me.

 

Thanks

 

Satchfan


Edited by satchfan, 07 October 2017 - 07:30 AM.



#7 Keith_and_a_sandwich

Posted 07 October 2017 - 03:52 PM

Please don't apologise - I am just so grateful that you are spending time helping me!

 

I don't know if it is significant but earlier, Malwarebytes blocked 3 'outward' connections. The popups notifying me were not visible for long enough for me to write down what connections the computer was trying to make.



#8 satchfan

Posted 07 October 2017 - 04:37 PM

Malwarebytes found threats but you didn't follow the instructions:

when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found

 

Can you run Malwarebytes again and allow it to clean what was found.

 

When you've done that, follow the instructions in the previous post so that we can see what's left.

 

Satchfan.


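Post #8 rests on reading the Malwarebytes log in post #5: "Threats Detected: 2" against "Threats Quarantined: 0", with each detail line marked "No Action By User". The following is an added example, not part of the thread and not Malwarebytes code, that parses that text layout and lists detections still awaiting action; the function names are hypothetical and the sample is trimmed from the log posted above.

```python
import re

# Constructed sample: trimmed from the Malwarebytes 3 text log posted in this
# thread (same field layout, sections without detections mostly omitted).
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336717
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 4 min, 44 sec

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [14208], [242047],1.0.2969

Registry Value: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14208], [242047],1.0.2969

File: 0
(No malicious items detected)
"""

# Action text exactly as it appears in the posted log.
PENDING_ACTION = "No Action By User"

SUMMARY_RE = re.compile(r"^(Threats Detected|Threats Quarantined):\s*(\d+)\s*$")
CATEGORY_RE = re.compile(r"^([A-Za-z ]+):\s*(\d+)\s*$")
# Detail line layout: name, object, action, [id], [id],package-version
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+),\s*(?P<object>.+),\s*(?P<action>[^,\[\]]+),"
    r"\s*\[\d+\],\s*\[\d+\],\s*[\d.]+\s*$"
)


def parse_mbam_log(text):
    """Return (summary counters, list of detections) from a text scan log."""
    summary, detections = {}, []
    category, in_details = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group(1)] = int(m.group(2))
            continue
        m = CATEGORY_RE.match(line)
        if m:
            category = m.group(1)  # e.g. "Registry Key"
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({
                "category": category,
                "name": m.group("name").strip(),
                "object": m.group("object").strip(),
                "action": m.group("action").strip(),
            })
    return summary, detections


def triage(text):
    """Summarise whether the log shows detections that were left in place."""
    summary, detections = parse_mbam_log(text)
    detected = summary.get("Threats Detected", 0)
    quarantined = summary.get("Threats Quarantined", 0)
    pending = [d for d in detections if d["action"] == PENDING_ACTION]
    return {
        "detected": detected,
        "quarantined": quarantined,
        "listed": len(detections),
        "pending": pending,
        # The summary count should equal the number of detail lines.
        "consistent": detected == len(detections),
        "needs_action": bool(pending) or detected > quarantined,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"detected={result['detected']} quarantined={result['quarantined']}")
    for d in result["pending"]:
        print(f"pending: [{d['category']}] {d['name']} -> {d['object']}")
```
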


#9 Keith_and_a_sandwich

Posted 07 October 2017 - 04:53 PM

Okay, will do: I downloaded and ran Zemana before I saw this post and it removed an AVG add-on. I've got the log for it if you think it is worthwhile seeing it.

 

So unless you tell me different I'll do as instructed in your last post and run Malwarebytes and then Zemana again (then Farbar Recovery Scan Tool). I will do it tomorrow, I must go to bed now, am falling asleep.

 

Thanks again for your help! :-D



#10 satchfan

Posted 07 October 2017 - 05:02 PM

Just run Malwarebytes again and allow it to quarantine what was found then run FRST and post all four logs:

 

Mbam.txt
Zemana log
Frst.txt
Addition.txt

 

Have a good sleep. :)




#11 Keith_and_a_sandwich

Posted 08 October 2017 - 01:46 AM

Morning. I have checked back before I run MWB again. I have gone into the 'Quarantine' option on the menu - it *did* quarantine the two PUPs found above, they are both there as having been quarantined. I'll run it again, though, and see what happens and put the log up.



#12 Keith_and_a_sandwich

Posted 08 October 2017 - 02:56 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/8/17
Scan Time: 7:46 AM
Log File: 753fa99a-abf4-11e7-9625-107b445e6ce1.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.2973
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.351)
CPU: x64
File System: NTFS
User: DESKTOP-LRNV8MC\Asus
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336798
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 29 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#13 Keith_and_a_sandwich

Posted 08 October 2017 - 03:03 AM

I can't find yesterday's Zemana report. It removed an AVG Chrome add-on. I went into Chrome this morning and it immediately gave me the option to delete the add-on, so I did, and it's not there. For sake of completeness and to generate a report I'm running Zemana again.



#14 Keith_and_a_sandwich

Posted 08 October 2017 - 03:38 AM

Right, re-ran Zemana and I don't *think* it generated a report. There's nothing in the Reports icon section of it and nothing was opened in notepad. I'll go to Farbar SRT now. 

 

FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2017
Ran by Asus (administrator) on DESKTOP-LRNV8MC (08-10-2017 09:33:47)
Running from C:\Users\Asus\Downloads
Loaded Profiles: Asus (Available Profiles: Asus)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_457b8915f31c148e\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_457b8915f31c148e\IntelCpHDCPSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_457b8915f31c148e\IntelCpHeciSvc.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_457b8915f31c148e\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-10-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6db1ad80-bf3a-4b65-87bc-c4e7bad62d43}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{8faccffc-3a1d-4d33-ad70-f029007428b3}: [DhcpNameServer] 0.0.0.0
 
Internet Explorer:
==================
HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=chrf-iryus&type=ypi_znlrm_00_00_ie
HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3703704017-2634269700-2290171362-1001 -> {9D1EFB1B-EFE4-4632-ABB7-20F511A8735B} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&intl=uk&fr=chrf-iryus&type=ypi_znlrm_00_00_ie
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-07] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-07] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-10-07] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-06] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=chrf-iryus&type=ypi_znlrm_00_00_chr
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default [2017-10-08]
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-06]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-06]
CHR Extension: (Adblock Plus) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-06]
CHR Extension: (Gmail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-06]
CHR HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dbiedhgodcehlaaikjdedhdafceplbad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-11-28] (Windows ® Win 7 DDK provider)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-10-06] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-09-27] (Microsoft Corporation)
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2215168 2016-11-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\iCLS\SocketHeciServer.exe [974632 2016-05-23] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [176416 2016-11-16] (Intel Corporation)
R2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [99320 2016-10-11] (ASUS Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4320176 2016-11-27] (Qualcomm Atheros Communications, Inc.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-10-06] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314640 2017-10-06] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-10-06] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-10-06] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-10-06] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-10-06] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [140192 2017-10-06] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-10-06] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-10-06] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1012952 2017-10-06] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [579584 2017-10-06] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [193768 2017-10-06] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [355856 2017-10-06] (AVG Technologies CZ, s.r.o.)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [608656 2016-11-28] (Qualcomm)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [71232 2016-11-01] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [66616 2016-11-01] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [350272 2016-11-01] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [104248 2016-08-03] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-10-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [45504 2017-10-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-10-08] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [419296 2017-01-19] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-10-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-07] (Zemana Ltd.)
U3 iswSvc; no ImagePath
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-08 09:33 - 2017-10-08 09:35 - 000018212 _____ C:\Users\Asus\Downloads\FRST.txt
2017-10-08 09:33 - 2017-10-08 09:33 - 000000000 ____D C:\FRST
2017-10-08 09:31 - 2017-10-08 09:31 - 002400768 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2017-10-08 09:28 - 2017-10-08 09:28 - 001796608 _____ (Farbar) C:\Users\Asus\Downloads\FRST.exe
2017-10-08 08:06 - 2017-10-08 08:14 - 000000000 ____D C:\Program Files\rempl
2017-10-08 07:53 - 2017-10-08 07:53 - 000001244 _____ C:\Users\Asus\Desktop\mwb 0810.txt
2017-10-07 22:30 - 2017-10-08 09:33 - 000100506 _____ C:\Windows\ZAM.krnl.trace
2017-10-07 22:30 - 2017-10-08 09:33 - 000058964 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-10-07 22:30 - 2017-10-07 22:30 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-10-07 22:30 - 2017-10-07 22:30 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-10-07 22:30 - 2017-10-07 22:30 - 000001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-10-07 22:29 - 2017-10-07 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-10-07 22:29 - 2017-10-07 22:30 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-10-07 21:54 - 2017-10-07 21:54 - 000000000 ____D C:\Users\Asus\AppData\Local\Zemana
2017-10-07 21:52 - 2017-10-07 21:52 - 006625600 _____ (Zemana Ltd. ) C:\Users\Asus\Downloads\Zemana.AntiMalware.Setup.exe
2017-10-07 20:07 - 2017-10-07 20:07 - 000074909 _____ C:\Users\Asus\Downloads\Joris Anti-English Racism Shortlist.jpg-large
2017-10-07 19:36 - 2017-10-07 19:43 - 000000000 ____D C:\Users\Asus\Desktop\COPY OF MP3 PLAYER
2017-10-07 19:33 - 2017-10-07 19:33 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-10-07 14:39 - 2017-10-07 14:39 - 000000000 ____D C:\Users\Asus\AppData\Local\UNP
2017-10-07 11:38 - 2017-10-07 11:43 - 000000000 ____D C:\Windows\system32\MRT
2017-10-07 11:37 - 2017-10-07 11:37 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-07 11:24 - 2017-10-07 11:24 - 000001408 _____ C:\Users\Asus\Desktop\mwb.txt
2017-10-07 11:23 - 2017-10-07 11:23 - 000001451 _____ C:\Users\Asus\Desktop\MWB quarantine.txt
2017-10-07 11:22 - 2017-04-21 22:53 - 000029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-10-07 11:22 - 2017-04-21 22:50 - 000030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-10-07 11:21 - 2017-04-21 22:50 - 000018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-10-07 11:21 - 2017-04-11 19:27 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-10-07 11:21 - 2017-03-15 19:15 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-10-07 11:20 - 2017-04-21 22:53 - 000018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-10-07 11:20 - 2017-04-11 19:27 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-10-07 11:20 - 2017-03-15 19:15 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-10-07 11:14 - 2017-10-08 07:44 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-07 11:14 - 2017-10-08 07:40 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-07 11:14 - 2017-10-08 07:40 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-07 11:14 - 2017-10-07 11:14 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-07 11:13 - 2017-10-08 07:40 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-07 11:13 - 2017-10-07 11:13 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-07 11:13 - 2017-10-07 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-07 11:12 - 2017-10-07 11:14 - 000000000 ____D C:\Program Files\UNP
2017-10-07 11:12 - 2017-10-07 11:12 - 000000000 ____D C:\Windows\system32\UNP
2017-10-07 11:07 - 2017-10-07 11:09 - 071535032 _____ (Malwarebytes ) C:\Users\Asus\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-10-07 11:05 - 2017-10-07 11:05 - 000000619 _____ C:\Users\Asus\Desktop\JRT.txt
2017-10-07 10:35 - 2017-10-07 10:35 - 001790024 _____ (Malwarebytes) C:\Users\Asus\Downloads\JRT.exe
2017-10-07 10:27 - 2017-10-07 10:31 - 000000000 ____D C:\AdwCleaner
2017-10-07 10:26 - 2017-10-07 10:26 - 008250832 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_7.0.3.1.exe
2017-10-07 10:13 - 2017-10-07 10:13 - 002398115 _____ C:\Users\Asus\Downloads\CBP-7783.pdf
2017-10-07 09:22 - 2017-10-07 09:22 - 000000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2017-10-07 08:31 - 2017-10-07 08:31 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-10-07 08:17 - 2017-10-07 08:17 - 000000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-10-07 08:11 - 2017-10-07 08:11 - 000441296 _____ C:\Windows\system32\Drivers\vsconfig.xml
2017-10-07 08:11 - 2017-10-07 08:11 - 000000000 ____D C:\Users\Asus\AppData\Roaming\Yahoo
2017-10-07 08:11 - 2017-10-07 08:11 - 000000000 ____D C:\Users\Asus\AppData\Local\Yahoo
2017-10-07 08:10 - 2017-10-07 08:10 - 000000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2017-10-07 08:10 - 2017-10-07 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-10-07 08:06 - 2017-10-07 08:10 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2017-10-07 08:05 - 2017-10-07 08:05 - 000000000 ____D C:\ProgramData\CheckPoint
2017-10-07 08:01 - 2017-10-07 08:01 - 005984464 _____ (Check Point Software Technologies Ltd.) C:\Users\Asus\Downloads\zafwSetupWeb_151_504_17269.exe
2017-10-07 07:55 - 2017-10-07 07:55 - 000000000 ____D C:\Users\Asus\AppData\Roaming\SUPERAntiSpyware.com
2017-10-07 07:54 - 2017-10-07 07:54 - 000001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-10-07 07:54 - 2017-10-07 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-10-07 07:52 - 2017-10-07 07:55 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-07 07:52 - 2017-10-07 07:52 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-10-07 07:51 - 2017-10-07 07:51 - 030660264 _____ (SUPERAntiSpyware) C:\Users\Asus\Downloads\SUPERAntiSpyware.exe
2017-10-06 22:50 - 2017-08-04 06:31 - 001564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 001214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-10-06 22:50 - 2017-08-04 06:31 - 000096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-10-06 22:50 - 2017-08-04 06:31 - 000034656 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-10-06 22:50 - 2017-08-04 05:26 - 000192864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-10-06 22:13 - 2017-10-07 11:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-06 22:13 - 2017-10-06 22:13 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-06 22:13 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-06 22:05 - 2017-10-06 22:06 - 071535032 _____ (Malwarebytes ) C:\Users\Asus\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-06 21:41 - 2016-12-21 08:08 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-10-06 21:41 - 2016-12-21 05:44 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-10-06 21:26 - 2017-10-06 21:26 - 000002057 _____ C:\Users\Asus\Desktop\Welcome to ASUS Product Registration.lnk
2017-10-06 21:26 - 2017-10-06 21:26 - 000000000 ____D C:\ProgramData\APRP
2017-10-06 20:13 - 2017-10-06 20:13 - 000000000 ____D C:\Users\Asus\AppData\Roaming\AVG
2017-10-06 20:09 - 2017-10-06 20:09 - 000004008 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-10-06 20:09 - 2017-10-06 20:07 - 000579584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-10-06 20:09 - 2017-10-06 20:07 - 000355856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-10-06 20:09 - 2017-10-06 20:07 - 000193768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-10-06 20:09 - 2017-10-06 20:07 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-10-06 20:09 - 2017-10-06 20:07 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-10-06 20:09 - 2017-10-06 20:07 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-10-06 20:09 - 2017-10-06 20:07 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-10-06 20:09 - 2017-10-06 20:04 - 001012952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-10-06 20:09 - 2017-10-06 20:00 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-10-06 20:09 - 2017-10-06 20:00 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-10-06 20:09 - 2017-10-06 20:00 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-10-06 20:09 - 2017-10-06 19:59 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-10-06 20:09 - 2017-10-06 19:59 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-10-06 20:08 - 2017-10-06 20:07 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-10-06 19:15 - 2017-10-06 19:15 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-10-06 19:15 - 2017-10-06 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-10-06 19:13 - 2017-10-08 07:55 - 000003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-10-06 19:13 - 2017-10-06 19:16 - 000000000 ____D C:\Program Files (x86)\AVG
2017-10-06 19:12 - 2017-10-06 19:12 - 000000000 ____D C:\Users\Asus\AppData\Local\CEF
2017-10-06 19:11 - 2017-10-06 23:10 - 000000000 ____D C:\ProgramData\Avg
2017-10-06 19:11 - 2017-10-06 20:12 - 000000000 ____D C:\Users\Asus\AppData\Local\Avg
2017-10-06 19:11 - 2017-10-06 19:14 - 000000000 ____D C:\Users\Asus\AppData\Local\AvgSetupLog
2017-10-06 19:09 - 2017-10-06 19:11 - 003449296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Asus\Downloads\Antivirus_Free_1892.exe
2017-10-06 18:30 - 2017-10-06 19:40 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-06 18:22 - 2017-10-06 18:30 - 000000036 _____ C:\Windows\progress.ini
2017-10-06 18:00 - 2017-10-06 18:00 - 000000000 ____D C:\Users\Asus\AppData\Local\Crashpad
2017-10-06 17:25 - 2017-10-06 17:25 - 000000000 ____D C:\Users\Asus\AppData\Local\Comms
2017-10-06 17:13 - 2017-10-06 17:13 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3703704017-2634269700-2290171362-1001
2017-10-06 17:10 - 2017-10-06 17:13 - 000002366 _____ C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-06 17:10 - 2017-10-06 17:13 - 000000000 ___RD C:\Users\Asus\OneDrive
2017-10-06 16:59 - 2017-10-06 16:59 - 000000000 ____D C:\Users\Asus\AppData\Roaming\Macromedia
2017-10-06 16:55 - 2017-10-06 16:55 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-06 16:55 - 2017-10-06 16:55 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-06 16:52 - 2017-10-08 08:15 - 000000182 _____ C:\Users\Asus\AppData\Roaming\sp_data.sys
2017-10-06 16:52 - 2017-10-06 16:54 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-06 16:52 - 2017-10-06 16:52 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-06 16:52 - 2017-10-06 16:52 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-06 16:51 - 2017-10-06 17:32 - 000000000 ____D C:\Users\Asus\AppData\Local\Google
2017-10-06 16:51 - 2017-10-06 16:51 - 001130328 _____ (Google Inc.) C:\Users\Asus\Downloads\ChromeSetup.exe
2017-10-06 16:49 - 2017-10-06 16:50 - 000000000 ____D C:\Users\Asus\AppData\Local\MicrosoftEdge
2017-10-06 16:48 - 2017-10-06 18:22 - 000000000 ___HD C:\$GetCurrent
2017-10-06 16:47 - 2017-10-06 18:30 - 000000000 ____D C:\Windows10Upgrade
2017-10-06 16:47 - 2017-10-06 16:48 - 000000819 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-10-06 16:47 - 2017-10-06 16:47 - 000000807 _____ C:\Users\Asus\Desktop\Windows 10 Upgrade Assistant.lnk
2017-10-06 16:45 - 2017-10-07 12:39 - 000000000 ____D C:\Users\Asus\AppData\Local\Publishers
2017-10-06 16:44 - 2017-10-08 08:58 - 000000000 ____D C:\Users\Asus
2017-10-06 16:44 - 2017-10-08 07:40 - 000000000 __SHD C:\Users\Asus\IntelGraphicsProfiles
2017-10-06 16:44 - 2017-10-07 12:39 - 000000000 ____D C:\Users\Asus\AppData\Local\Packages
2017-10-06 16:44 - 2017-10-07 07:59 - 000000000 ____D C:\Users\Asus\AppData\Local\ConnectedDevicesPlatform
2017-10-06 16:44 - 2017-10-06 18:04 - 000000000 ____D C:\Users\Asus\AppData\Local\ASUS GIFTBOX
2017-10-06 16:44 - 2017-10-06 16:44 - 000000020 ___SH C:\Users\Asus\ntuser.ini
2017-10-06 16:44 - 2017-10-06 16:44 - 000000000 ____D C:\Users\Asus\AppData\Roaming\Adobe
2017-10-06 16:44 - 2017-10-06 16:44 - 000000000 ____D C:\Users\Asus\AppData\Local\VirtualStore
2017-10-06 16:44 - 2017-10-06 16:44 - 000000000 ____D C:\Users\Asus\AppData\Local\TileDataLayer
2017-10-06 16:43 - 2017-10-06 16:44 - 000000000 ____D C:\ProgramData\USBChargerPlus
2017-10-06 16:40 - 2017-10-06 16:40 - 000000000 ___SD C:\Windows\UpdateAssistantV2
2017-10-06 16:39 - 2017-05-25 06:56 - 000038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-08 08:39 - 2016-07-16 12:36 - 000000000 ____D C:\Windows\CbsTemp
2017-10-08 08:14 - 2016-11-11 09:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-10-08 07:46 - 2016-11-11 16:52 - 000676048 _____ C:\Windows\system32\perfh013.dat
2017-10-08 07:46 - 2016-11-11 16:52 - 000169122 _____ C:\Windows\system32\perfc013.dat
2017-10-08 07:46 - 2016-11-11 16:47 - 000697218 _____ C:\Windows\system32\perfh010.dat
2017-10-08 07:46 - 2016-11-11 16:47 - 000167034 _____ C:\Windows\system32\perfc010.dat
2017-10-08 07:46 - 2016-11-11 16:43 - 000711914 _____ C:\Windows\system32\perfh00C.dat
2017-10-08 07:46 - 2016-11-11 16:43 - 000170824 _____ C:\Windows\system32\perfc00C.dat
2017-10-08 07:46 - 2016-11-11 16:39 - 000666010 _____ C:\Windows\system32\perfh007.dat
2017-10-08 07:46 - 2016-11-11 16:39 - 000171366 _____ C:\Windows\system32\perfc007.dat
2017-10-08 07:46 - 2016-11-11 09:16 - 003591274 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-08 07:39 - 2016-11-11 09:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-07 23:00 - 2016-07-16 07:04 - 000262144 _____ C:\Windows\system32\config\BBI
2017-10-07 22:59 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\system32\appraiser
2017-10-07 20:26 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-07 20:26 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\AppReadiness
2017-10-07 19:33 - 2016-07-16 12:45 - 000000000 ____D C:\Windows\INF
2017-10-07 13:44 - 2017-07-07 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-10-07 13:44 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-10-07 08:39 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\system32\NDF
2017-10-07 08:33 - 2016-07-16 12:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-07 08:31 - 2016-07-16 12:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-07 08:28 - 2017-07-07 22:26 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-07 07:42 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\appcompat
2017-10-07 00:35 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\rescache
2017-10-07 00:33 - 2017-07-07 22:12 - 000001984 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2017-10-07 00:33 - 2017-07-07 22:10 - 000002340 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2017-10-07 00:33 - 2017-07-07 22:08 - 000002924 _____ C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
2017-10-07 00:33 - 2017-07-07 22:08 - 000002214 _____ C:\Windows\System32\Tasks\ATK Package A22126881260
2017-10-07 00:33 - 2017-07-07 22:03 - 000002346 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
2017-10-07 00:33 - 2017-07-07 22:03 - 000002280 _____ C:\Windows\System32\Tasks\RTKCPL
2017-10-07 00:33 - 2017-07-07 22:00 - 000003134 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-10-07 00:33 - 2016-11-11 09:17 - 000003270 _____ C:\Windows\System32\Tasks\WpsKtpcntrQingTask_Administrator
2017-10-07 00:33 - 2016-11-11 09:17 - 000003028 _____ C:\Windows\System32\Tasks\WpsExternal_20161111081738
2017-10-06 21:26 - 2016-11-11 09:17 - 000000000 ____D C:\Windows\System32\Tasks\ASUSTek Computer Inc
2017-10-06 21:19 - 2017-07-07 22:14 - 000000000 ____D C:\ProgramData\McAfee
2017-10-06 21:19 - 2017-07-07 22:14 - 000000000 ____D C:\Program Files\mcafee
2017-10-06 21:19 - 2017-07-07 22:14 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-10-06 20:28 - 2016-07-16 12:47 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-10-06 20:28 - 2016-07-16 07:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-10-06 18:35 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-10-06 18:30 - 2017-07-07 22:50 - 000001890 _____ C:\Windows\diagwrn.xml
2017-10-06 18:30 - 2017-07-07 22:50 - 000001890 _____ C:\Windows\diagerr.xml
2017-10-06 18:30 - 2016-11-11 17:06 - 000000000 ____D C:\Windows\Panther
2017-10-06 16:44 - 2017-07-07 21:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-06 16:40 - 2016-07-16 12:47 - 000000000 ____D C:\Windows\system32\oobe
 
==================== Files in the root of some directories =======
 
2017-10-06 16:52 - 2017-10-08 08:15 - 000000182 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2017-07-07 22:03 - 2017-07-07 22:03 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2016-05-31 10:13 - 2016-05-31 10:13 - 000219264 _____ (McAfee, Inc.) C:\Users\Asus\AppData\Local\Temp\McCSPInstall.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-11-11 09:07
 
==================== End of FRST.txt ============================

FRST 'Addition':

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2017
Ran by Asus (08-10-2017 09:36:03)
Running from C:\Users\Asus\Downloads
Windows 10 Home Version 1607 (X64) (2017-10-06 15:42:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3703704017-2634269700-2290171362-500 - Administrator - Disabled)
Asus (S-1-5-21-3703704017-2634269700-2290171362-1001 - Administrator - Enabled) => C:\Users\Asus
DefaultAccount (S-1-5-21-3703704017-2634269700-2290171362-503 - Limited - Disabled)
Guest (S-1-5-21-3703704017-2634269700-2290171362-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.2.0 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s)
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
FMW 1 (HKLM\...\{2B66FCDA-0BD6-47CC-8EC5-C2EA02E03EB2}) (Version: 1.224.4 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security Software Manager (HKLM\...\Intel Security Software Manager) (Version: 1.1.107.0 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1631.3 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 3.0.12.1138 - Intel Corporation)
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2094 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.13 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (09/23/2016 11.0.0.14) (HKLM\...\F95583A62AB902A3FC263F668380483F9E0113CD) (Version: 09/23/2016 11.0.0.14 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-07] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-06] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_457b8915f31c148e\igfxDTCM.dll [2017-01-03] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-07] ()
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-06] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04ED6EC7-C504-4F6F-AE10-9CBBB5501FF6} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {25134853-2071-4771-8948-BA35429E58E7} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-27] (Microsoft Corporation)
Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {3135BDAA-1689-4CCE-AAA7-463DF53F6B71} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-07] ()
Task: {356ACE0E-9801-41B2-8D14-4989CE0F4EBC} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {3D47BAF8-E978-4133-B4A3-287684E93F02} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-27] (Microsoft Corporation)
Task: {3F0376B2-A7A2-409F-A7E8-7C67A05D3C25} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-10-06] (AVG Technologies CZ, s.r.o.)
Task: {4753A9F3-57FA-4D83-A779-A224867FECE6} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-21] (Realtek Semiconductor)
Task: {48BEA709-7B16-4796-B1F5-9FBE8E83F453} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {4973A6F4-E8A4-42E1-AA2B-AC18E851C165} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-07] ()
Task: {526B461F-F78A-4DA3-BEE2-98A3AC71F919} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
Task: {5D9329B3-3ED6-4CD5-B3B9-C4BE97BE4F17} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-10-12] (ASUS)
Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-07] (ASUSTek COMPUTER INC.)
Task: {5EFEBBA9-F7DC-4ACC-B0A9-3D4729962788} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {8F5E6E54-E94A-4AB8-83F0-8DD2FB9F11F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-27] (Microsoft Corporation)
Task: {AE39036C-AC4D-413F-9E9D-ED2C0020DD5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {C006555E-9594-4239-8565-FB0F9B75BD1F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-10-21] (Realtek Semiconductor)
Task: {C519C6E4-F16F-4E06-B3E4-C6844EB03033} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\TXE Components\iCLS\IntelPTTEKRecertification.exe [2016-05-23] (Intel® Corporation)
Task: {C653C9B7-1097-4372-A541-D3463E52183D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-11-14] (ASUSTek Computer Inc.)
Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\Windows\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-11-11 09:12 - 2016-09-15 18:25 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-07-07 22:23 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-10-06 22:13 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-06 22:13 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-11-11 09:12 - 2016-09-07 05:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-11 09:12 - 2016-10-05 10:35 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-11 09:12 - 2016-10-15 04:41 - 009760256 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-11 09:13 - 2016-10-15 04:34 - 001401344 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-11 09:12 - 2016-10-15 04:34 - 000757248 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-11 09:12 - 2016-10-15 04:34 - 001033216 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-11 09:12 - 2016-10-15 04:34 - 002424832 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-11 09:12 - 2016-10-15 04:38 - 004853760 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-10-06 20:05 - 2017-10-06 20:05 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2017-10-06 16:55 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-10-06 16:55 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2017-10-06 19:13 - 2017-10-06 19:12 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-10-06 20:04 - 2017-10-06 20:04 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-10-06 20:04 - 2017-10-06 20:04 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-10-06 20:06 - 2017-10-06 20:06 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-10-06 20:05 - 2017-10-06 20:05 - 000218208 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-10-06 20:05 - 2017-10-06 20:05 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-10-06 20:05 - 2017-10-06 20:05 - 000701776 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
2016-10-12 22:17 - 2016-10-12 22:17 - 000033280 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-10-12 22:17 - 2016-10-12 22:17 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-12 22:17 - 2016-10-12 22:17 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3703704017-2634269700-2290171362-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{90839865-C252-423B-9462-8FF039173977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{330795B2-535F-4A6E-81A3-514B70F3AFF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8354D7DE-F9E7-4178-8ADB-B3D4A7529C8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B181FC74-6B2B-43A3-8C9F-5D26C2088844}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DA2098BD-F9A4-459E-8F34-6E41DBCAE697}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{ED9F46F4-F5C6-4F59-AC61-F34CCB45176A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2398B823-E456-483D-8A27-2586E9FF24C5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{30E27CD9-7F81-4FB7-A14C-EBC6151B726B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1EDD6119-D4A2-45F5-B29C-9286108FEA1F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A5A2FEA0-C0AC-42D9-83FD-9F335B0F8FA6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{2FB7A7B4-1352-49A3-AB25-120137AE0705}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
06-10-2017 16:39:40 Windows Modules Installer
07-10-2017 10:36:21 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2017 10:59:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/07/2017 10:59:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/07/2017 10:58:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.3.1.exe, version: 7.0.3.1, time stamp: 0x59cee86f
Faulting module name: adwcleaner_7.0.3.1.exe, version: 7.0.3.1, time stamp: 0x59cee86f
Exception code: 0xc0000005
Fault offset: 0x0007a1fa
Faulting process ID: 0xa80
Faulting application start time: 0x01d33f4e7f84534c
Faulting application path: C:\Users\Asus\Downloads\adwcleaner_7.0.3.1.exe
Faulting module path: C:\Users\Asus\Downloads\adwcleaner_7.0.3.1.exe
Report ID: 77c6ae7b-aa38-478d-8a5b-5d32d7017717
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/07/2017 10:32:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/07/2017 10:32:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/07/2017 12:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.14393.0, time stamp: 0x57899179
Faulting module name: MessagingNativeCore.dll, version: 2.19.1607.1001, time stamp: 0x5776e7d8
Exception code: 0xc0000005
Fault offset: 0x001043cf
Faulting process ID: 0x73c
Faulting application start time: 0x01d33f62ff8ea98f
Faulting application path: C:\Windows\syswow64\backgroundTaskHost.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
Report ID: 87572e80-4bc9-4ef0-a52e-d46f34e9e5ce
Faulting package full name: Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: x27e26f40ye031y48a6yb130yd1f20388991ax
 
Error: (10/07/2017 11:18:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/07/2017 11:18:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/07/2017 10:36:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/07/2017 09:19:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.351 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: abc
 
Start Time: 01d33f44c44ddcb7
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 3997f213-ab38-11e7-a0f7-107b445e6ce1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/08/2017 08:14:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2017 08:06:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/08/2017 08:06:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/08/2017 08:06:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/08/2017 07:44:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2017 07:42:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (10/08/2017 07:40:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/08/2017 07:40:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/07/2017 09:33:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/07/2017 12:22:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LRNV8MC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N4200 @ 1.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3959.59 MB
Available physical RAM: 1155.21 MB
Total Virtual: 5367.59 MB
Available Virtual: 1859.23 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:930.46 GB) (Free:876.75 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (WALKMAN) (Removable) (Total:3.45 GB) (Free:0.27 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 270D7CED)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.5 GB) (Disk ID: 0049C3BC)
Partition 1: (Not Active) - (Size=3.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#15 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:26 PM

Posted 08 October 2017 - 07:35 AM

Sorry, just seen this.

 

Will check your FRST log and reply this evening. Everything else seems fine.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.




