
new infection

win32.patched-awm


#1
Cardoctork


Wife's computer is infected. It has Avast and Malwarebytes on it. I cannot get online with the Avast safe browser; the error message is "DNS not found". I am able to operate in safe mode. One scan says C:\windows\syswow64\dnsapi.dll.

 

These are the results of the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-02-2017 01
Ran by Tanya (administrator) on TATIANA (11-02-2017 18:30:30)
Running from C:\Users\Tanya\Desktop
Loaded Profiles: Tanya (Available Profiles: Tanya)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [CTFMon] => C:\Windows\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ap] => C:\Program Files (x86)\Application Assistance\ap.exe
HKLM-x32\...\Run: [baidusdTray] => "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe"  -stmd=3
HKLM-x32\...\Run: [InstallUpdate] => 0
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Run: [MaxTorrent] => "C:\Users\Tanya\AppData\Roaming\MaxTorrent\mtupdate.exe"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\MountPoints2: {57d18287-74a1-11e4-beae-08606e0242ec} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\MountPoints2: {e10cdffc-1db8-11e6-bf2f-08606e0242ec} - "G:\AutoRun.exe" 
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Tanya\AppData\Roaming\Microsoft\Protect\d65556-b65556-34ce3848-8c3ee0-0bf0.rs" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Tanya\AppData\Roaming\Microsoft\Protect\d65556-b65556-34ce3848-8c3ee0-0bf0.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} =>  -> No File
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} =>  -> No File
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} =>  -> No File
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} =>  -> No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{7B67062E-E4B7-48B8-88A2-763CD6AB783D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{939DFE1E-2A49-48AC-9F2C-DE71CFE7086A}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{939DFE1E-2A49-48AC-9F2C-DE71CFE7086A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_94c55f10_1201_1401_20160417_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-10] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 [2017-02-11]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> 
FF Homepage: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> www.google.com
FF Extension: (Firefox Hotfix) - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Adblock Plus) - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-10] ()
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\explugin\npBaiduSDDetectPlug.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-637781413-3999183602-1061426373-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tanya\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-10-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-10-17] <==== ATTENTION
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default [2016-08-30]
CHR Extension: (Google Slides) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-18]
CHR Extension: (Google Docs) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]
CHR Extension: (Google Drive) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Adblock Plus) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bollcafdnolnlnooclcfehjgcbbpabao] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gjndibjblceakamilagmcappediilefl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [100528 2017-02-01] ()
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-08] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
S2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
S2 BDKVRTP; "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe" -r [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
S0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
S0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
S0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S1 bd0003; C:\WINDOWS\System32\DRIVERS\bd0003.sys [67400 2015-01-05] (Baidu)
S2 BDArKit; C:\WINDOWS\System32\DRIVERS\BDArKit.sys [144712 2014-11-21] (Baidu Technology)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-09-24] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-09-24] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-11 18:30 - 2017-02-11 18:31 - 00021119 _____ C:\Users\Tanya\Desktop\FRST.txt
2017-02-11 18:30 - 2017-02-11 18:30 - 00000000 ____D C:\FRST
2017-02-11 18:28 - 2017-02-11 18:28 - 02421248 _____ (Farbar) C:\Users\Tanya\Desktop\FRST64.exe
2017-02-10 14:14 - 2017-02-10 14:19 - 07517654 _____ C:\Users\Tanya\Downloads\Grammaire_progressive_du_fran_231_ais_avanc_233.pdf
2017-02-10 14:13 - 2017-02-10 14:14 - 01092341 _____ C:\Users\Tanya\Downloads\Corrig_233_s_Grammaire_progressive_du_francais_avanc_233.pdf
2017-02-09 23:04 - 2017-02-09 23:04 - 00000000 ____D C:\Users\Tanya\Desktop\New folder
2017-02-08 17:17 - 2017-02-08 17:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 17:17 - 2017-02-08 17:14 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 17:17 - 2017-02-08 17:14 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 17:17 - 2017-02-08 17:14 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 17:17 - 2017-02-08 17:14 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 17:16 - 2017-02-08 17:16 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-23 22:34 - 2017-01-23 22:34 - 00059904 _____ C:\Users\Tanya\Desktop\New Microsoft Office Publisher Document.pub
2017-01-21 00:35 - 2017-01-21 00:35 - 04047762 _____ C:\Users\Tanya\BEST FOOD for Runners.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-11 16:45 - 2014-09-24 02:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-11 16:39 - 2016-03-22 18:06 - 00896794 _____ C:\WINDOWS\ntbtlog.txt
2017-02-11 16:39 - 2015-08-25 19:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 16:20 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 16:13 - 2013-11-09 18:58 - 00000000 ____D C:\Users\Tanya\AppData\Roaming\Skype
2017-02-11 15:39 - 2013-04-14 06:27 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-637781413-3999183602-1061426373-1001
2017-02-11 15:37 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-11 15:36 - 2015-10-18 14:39 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-11 15:34 - 2015-10-18 14:39 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-11 15:34 - 2013-04-14 06:22 - 00000515 _____ C:\Users\Tanya\AppData\Roaming\sp_data.sys
2017-02-11 13:33 - 2016-12-23 09:54 - 00001278 _____ C:\Users\Tanya\Desktop\Rosetta Stone DEMO 2.1.3.0S.lnk
2017-02-11 13:33 - 2016-10-14 22:53 - 00001255 _____ C:\Users\Public\Desktop\Ultimate French.lnk
2017-02-11 13:33 - 2016-10-02 15:13 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-11 13:33 - 2016-10-02 15:12 - 00001183 _____ C:\Users\Tanya\Desktop\Avast SafeZone Browser.lnk
2017-02-11 13:33 - 2016-10-02 15:12 - 00001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-11 13:33 - 2015-11-04 20:24 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-11 13:33 - 2015-05-15 17:00 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-02-11 13:33 - 2014-10-22 15:27 - 00000445 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-02-11 13:33 - 2014-10-22 15:27 - 00000443 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-02-11 13:33 - 2014-04-24 10:50 - 00002015 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-02-11 13:33 - 2012-11-06 14:31 - 00002607 _____ C:\Users\Public\Desktop\ASUS Instant Connect Installer.lnk
2017-02-11 13:33 - 2012-11-06 14:30 - 00001944 _____ C:\Users\Public\Desktop\ASUS Product Demo Movie.Lnk
2017-02-11 13:33 - 2012-11-06 14:29 - 00000710 _____ C:\Users\Public\Desktop\eManual.Lnk
2017-02-11 13:33 - 2012-11-06 14:28 - 00002595 _____ C:\Users\Public\Desktop\ASUS InstantOn.lnk
2017-02-11 13:33 - 2012-11-06 14:14 - 00001628 _____ C:\Users\Public\Desktop\ASUS Install.lnk
2017-02-11 13:23 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\System
2017-02-11 13:21 - 2016-04-17 15:53 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-11 11:59 - 2013-10-21 15:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-11 11:57 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-11 00:04 - 2016-08-05 10:51 - 00000000 ____D C:\Users\Tanya\Таня
2017-02-10 23:56 - 2013-07-18 12:42 - 00000000 ____D C:\Users\Tanya\PHOTOS
2017-02-10 23:54 - 2014-10-22 15:27 - 00000000 ____D C:\Users\Tanya
2017-02-10 23:53 - 2013-09-08 00:18 - 00000000 ____D C:\Users\Tanya\Mr. Kauffman
2017-02-10 23:49 - 2016-02-07 11:36 - 00000000 ____D C:\Users\Tanya\Narnia
2017-02-10 23:46 - 2014-02-19 11:53 - 00000000 ____D C:\Users\Tanya\Mom's Stuff
2017-02-10 22:37 - 2014-12-15 02:40 - 00000000 ____D C:\Users\Tanya\Desktop\ART
2017-02-10 22:31 - 2016-08-23 13:41 - 00000000 ____D C:\Users\Tanya\Desktop\IPFE FALL 2016
2017-02-10 21:32 - 2016-04-17 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-10 21:31 - 2014-06-03 21:57 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-10 21:31 - 2014-06-03 21:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-10 21:26 - 2013-10-21 15:07 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-10 21:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-10 21:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-10 19:39 - 2013-04-14 06:45 - 00000000 ____D C:\Users\Tanya\AppData\Local\ElevatedDiagnostics
2017-02-10 19:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-10 18:52 - 2016-10-02 15:09 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-10 18:51 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Skype
2017-02-10 18:45 - 2016-10-02 15:12 - 00003890 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1475439140
2017-02-10 15:40 - 2015-09-23 18:48 - 00000000 ____D C:\Users\Tanya\CATS
2017-02-10 15:07 - 2015-02-23 20:45 - 00000000 ____D C:\Users\Tanya\Desktop\МОЛОДОСТЬ
2017-02-10 14:58 - 2014-07-19 20:28 - 00000000 ____D C:\Users\Tanya\Desktop\Le Francaise
2017-02-08 21:41 - 2015-02-27 19:26 - 00000000 ____D C:\Users\Tanya\Desktop\Здоровие
2017-02-08 21:31 - 2015-04-07 15:04 - 00000000 ____D C:\Users\Tanya\Desktop\WRITING
2017-02-08 17:16 - 2016-10-02 15:09 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 17:15 - 2016-10-02 15:09 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-08 17:15 - 2016-10-02 15:09 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 14:40 - 2014-03-03 06:21 - 00000000 ____D C:\Users\Tanya\Poetry
2017-02-07 20:49 - 2017-01-11 19:44 - 00000000 ____D C:\Users\Tanya\Desktop\SPRING   2017
2017-02-05 00:43 - 2014-05-02 16:24 - 00000000 ____D C:\Users\Tanya\Desktop\THINKING
2017-02-02 23:40 - 2014-11-06 23:10 - 00000000 ____D C:\Users\Tanya\Desktop\Les Livres
2017-02-02 23:35 - 2013-09-25 15:48 - 00000000 ____D C:\Users\Tanya\AppData\Local\Adobe
2017-02-02 18:29 - 2013-11-09 18:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 09:36 - 2016-03-19 20:00 - 00000000 ____D C:\Users\Tanya\IPFW Spring 2016
2017-01-30 20:33 - 2014-03-01 07:17 - 00000000 ____D C:\Users\Tanya\Письма
2017-01-21 19:56 - 2014-09-17 09:37 - 00000000 ____D C:\Users\Tanya\Poetry-1
2017-01-21 10:14 - 2015-08-25 22:41 - 00000000 ____D C:\Users\Tanya\Desktop\RFI
2017-01-17 08:38 - 2015-01-22 01:47 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-16 08:46 - 2014-09-22 09:51 - 00000000 ____D C:\Users\Tanya\Desktop\La Bible
2017-01-16 07:42 - 2015-12-27 13:56 - 00000000 ____D C:\Users\Tanya\Desktop\MY PHOTOS
2017-01-16 07:39 - 2015-01-09 00:39 - 00000000 ____D C:\Users\Tanya\PHOTOS  for pringing
2017-01-15 21:45 - 2015-11-21 16:19 - 00000000 ____D C:\Users\Tanya\Finances
 
==================== Files in the root of some directories =======
 
2016-08-30 06:58 - 2016-08-30 12:34 - 0138240 _____ () C:\Users\Tanya\AppData\Roaming\Installer.dat
2013-09-04 18:30 - 2013-09-04 18:30 - 0000021 _____ () C:\Users\Tanya\AppData\Roaming\my_intel.sys
2016-08-30 07:09 - 2016-08-30 07:05 - 0699904 _____ () C:\Users\Tanya\AppData\Roaming\Roundair.exe
2013-04-14 06:22 - 2017-02-11 15:34 - 0000515 _____ () C:\Users\Tanya\AppData\Roaming\sp_data.sys
2014-03-14 18:58 - 2014-10-11 19:08 - 0000110 _____ () C:\Users\Tanya\AppData\Roaming\WB.CFG
2015-04-04 23:48 - 2015-04-04 23:50 - 0000172 ____H () C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat
2015-04-04 23:48 - 2015-04-04 23:50 - 0000172 ____H () C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat
2015-04-04 23:48 - 2015-02-27 13:13 - 0200992 ____H (Yandex) C:\Users\Tanya\AppData\Roaming\YаndехDiskStаrtеr.bаt.exe
2015-04-04 23:48 - 2015-02-27 13:13 - 3978016 ____H (Yandex) C:\Users\Tanya\AppData\Roaming\YаndехDiskSсrееnshоtЕditоr.bаt.exe
2013-09-04 18:59 - 2015-01-26 12:54 - 0012288 _____ () C:\Users\Tanya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 12:41 - 2014-10-11 12:41 - 0627560 _____ (CMI Limited) C:\Users\Tanya\AppData\Local\nss59B4.tmp
2014-10-11 12:00 - 2014-10-11 12:00 - 0612126 _____ (CMI Limited) C:\Users\Tanya\AppData\Local\nsu6CA4.tmp
2014-06-23 14:47 - 2014-06-23 14:47 - 0000864 _____ () C:\Users\Tanya\AppData\Local\recently-used.xbel
2015-04-11 11:24 - 2015-04-21 18:42 - 0011746 _____ () C:\Users\Tanya\AppData\Local\Temp-log.txt
2016-08-30 06:49 - 2016-08-30 06:49 - 0000001 _____ () C:\ProgramData\1111_ver.txt
2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
 
Some files in TEMP:
====================
2015-04-05 00:27 - 2015-04-05 00:27 - 39537752 _____ (百度在线网络技术(北京)有限公司) C:\Users\Tanya\AppData\Local\Temp\BaiduAn.Setup.1117.4.0.0.516_1000161529.exe
2015-04-05 00:13 - 2015-04-05 00:26 - 18064272 _____ (百度在线网络技术(北京)有限公司) C:\Users\Tanya\AppData\Local\Temp\Baidusd.Setup.3.0.0.4609.youqian_1000161529.exe
2016-09-03 12:49 - 2016-09-03 12:50 - 1580445 _____ (                                                            ) C:\Users\Tanya\AppData\Local\Temp\bbf3b93e-5267-4f10-9a8d-6359eb7c50ff.exe
2015-04-05 18:04 - 2014-12-03 21:08 - 0395784 _____ () C:\Users\Tanya\AppData\Local\Temp\BDABrowserProtectUnInstall.exe
2015-10-13 13:12 - 2015-10-13 14:01 - 0821280 ____N () C:\Users\Tanya\AppData\Local\Temp\beeeheieij.exe
2016-09-03 13:15 - 2016-09-03 13:15 - 0074057 _____ () C:\Users\Tanya\AppData\Local\Temp\ext_2.exe
2016-09-03 12:51 - 2016-09-03 13:12 - 9567688 _____ () C:\Users\Tanya\AppData\Local\Temp\ext_4.exe
2016-08-30 20:44 - 2016-08-30 20:45 - 0741440 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-03-09 11:25 - 2015-03-09 11:25 - 0561576 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u40-windows-au.exe
2015-04-13 11:12 - 2015-04-13 11:12 - 0562088 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u45-windows-au.exe
2016-03-21 10:12 - 2016-03-21 10:12 - 0736320 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-08-30 12:35 - 2016-08-30 12:35 - 9355264 _____ () C:\Users\Tanya\AppData\Local\Temp\MPCSetup_4.3.1.exe
2016-08-30 07:08 - 2016-08-30 07:08 - 0348235 _____ (Wizzlabs                                                    ) C:\Users\Tanya\AppData\Local\Temp\NERPQ6UZKL.exe
2015-07-23 14:51 - 2015-07-23 14:51 - 0023040 _____ () C:\Users\Tanya\AppData\Local\Temp\pylF703.tmp.exe
2012-09-10 16:23 - 2012-09-10 16:23 - 0559528 _____ (Helge Klein) C:\Users\Tanya\AppData\Local\Temp\setacl.exe
2016-08-30 06:45 - 2016-08-30 06:45 - 0548341 _____ () C:\Users\Tanya\AppData\Local\Temp\setup.exe
2014-12-11 19:12 - 2016-05-15 20:57 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Tanya\AppData\Local\Temp\SkypeSetup.exe
2016-08-30 12:35 - 2016-08-30 12:36 - 0308538 _____ (sunnyday                                                    ) C:\Users\Tanya\AppData\Local\Temp\THZT584M0E.exe
2015-02-15 09:06 - 2015-02-22 23:41 - 0104178 _____ () C:\Users\Tanya\AppData\Local\Temp\Uninstall.exe
2016-08-30 06:57 - 2016-08-30 06:58 - 0450032 _____ (Wizzlabs                                                    ) C:\Users\Tanya\AppData\Local\Temp\VNLN9XGDCY.exe
2016-08-30 12:50 - 2016-08-30 12:50 - 0308538 _____ (sunnyday                                                    ) C:\Users\Tanya\AppData\Local\Temp\YBCF9EXFSD.exe
2016-03-21 06:17 - 2016-03-21 06:17 - 0000000 _____ () C:\Users\Tanya\AppData\Local\Temp\{72FA825C-6A5C-4229-8CB7-4CA832BEE7A5}-49.0.2623.87_chrome_installer.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2014-09-24 02:50] - [2014-09-24 02:50] - 0655360 ____A (Microsoft Corporation) 8C37C2E9C46C81F0B098CAF993CC6ADE
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2014-09-24 02:50] - [2014-09-24 02:50] - 0494592 ____A (Microsoft Corporation) 828C3E784D87815A8B32F4D71E65963A
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2014-10-22 15:18
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2017 01
Ran by Tanya (11-02-2017 18:34:45)
Running from C:\Users\Tanya\Desktop
Windows 8.1 (Update) (X64) (2014-10-22 20:33:22)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-637781413-3999183602-1061426373-500 - Administrator - Disabled)
Guest (S-1-5-21-637781413-3999183602-1061426373-501 - Limited - Disabled)
Tanya (S-1-5-21-637781413-3999183602-1061426373-1001 - Administrator - Enabled) => C:\Users\Tanya
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{CFCB3B71-2A0F-4E91-8B8E-A9DF809DEF6A}) (Version: 10.17.0201 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Amazon Kindle) (Version:  - Amazon)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Rosetta Stone DEMO 2.1.3.0S (HKLM-x32\...\Rosetta Stone DEMO 2.1.3.0S) (Version: 2.1.3.0 - Fairfield Language Technologies)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13467 - Aztec Media Inc) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Ultimate French 2.0 (HKLM-x32\...\Ultimate French) (Version: 2.0 - McGraw-Hill)
Unity Web Player (HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {487634CA-B431-4E58-8D8E-BC961596502C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {7CDA632D-4BCA-42CC-BBD5-D3AD39985E4C} - System32\Tasks\SafeZone scheduled Autoupdate 1475439140 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {95FFE0D9-15EE-428D-BFC5-8204D2462436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {9F4EA482-625C-4A9D-9BD5-1B6587D76C67} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {A6EB1803-B8DE-493F-B1D9-F1E676272233} - \{7E040F47-7909-0504-0A11-04790909110F} -> No File <==== ATTENTION
Task: {AA9EE4DC-C49F-4A00-88C5-3E6C3E48B7A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-31] (Microsoft Corporation)
Task: {ABE250B9-F3EA-44A4-885E-F8A099203251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {ADCAD85C-12E8-48FC-BFC0-DC6545696E99} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {AFDE44D0-6D8B-45DA-AA4A-FFBC9E1BFA18} - \PastaQuotes -> No File <==== ATTENTION
Task: {BD245B97-645C-404D-80D4-4E8BB35D98C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-10] (Adobe Systems Incorporated)
Task: {EBCDF38D-5FB1-41F4-A236-EE20CED88764} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {F82BE19B-CE32-4F51-AD19-4889DFE8727B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F9C587FD-FF94-44FB-9477-B3EFF928022C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {FB8B4518-AE8F-42EC-8FD6-D92C992F0D19} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {FF2001C0-E9B3-426E-BFF9-8DF8BE436CE5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlorеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chrome.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launсh Intеrnеt Ехplorеr Вrowsеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Exрlоrer Вrowsеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhrome.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhrоmе.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
 
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Sсrееnshоts in Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat () -> --"hxxp://photobytes.org/index.php?USA1"
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat () -> --"hxxp://photobytes.org/index.php?USA1"
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-10 18:45 - 2017-02-03 05:32 - 68860960 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\safefinder.com -> hxxp://search.safefinder.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2017-02-11 13:21 - 00001212 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tanya\Documents\paris-wallpaper-hd-21.jpg
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "AnonymizerGadget"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\StartupFolder: => "FreeDownloadmanager.exe"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\Run: => "Caster"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\Run: => "IJDS4PPVLI"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C98731A5-C8FA-4E8E-8008-AF33A706C83B}] => C:\Program Files (x86)\Windows Network Accelerater\v1\winvxm.exe
FirewallRules: [{B6A37033-8D03-472C-B10E-1B515B8F6CC6}] => C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe
FirewallRules: [{55C68AE0-5D43-494B-840D-95498499B6C7}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{329403EB-9F4C-452A-BE72-E2782A08988C}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{61832BE2-D1E3-4E5C-B193-279E6EF25F47}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0343F5D7-0AC7-4D5C-B08E-25D471CB24A6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D578F2B-EF11-470F-82B5-8E5F7C0D3DD1}] => C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{34CAADBC-2A77-4C0D-BBF7-AA99AC6417DD}] => C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{17ED0570-3D0E-485E-B71E-8E9BA514EB18}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{9C5D44BC-8CF2-4DD3-8B36-C0F6759DD4BC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{E270B61A-E26E-4B21-ACEA-5FC8D5EBAC1D}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8F914B7B-DD7C-4C35-B75A-1EAAA41E6EB2}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9D45DB0A-A941-44A9-A46C-7FA81D947E73}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D4848034-588D-4CFF-824A-EA5971C1CCE0}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{675C6D46-CF9F-446B-907E-A00794535B3E}] => LPort=1900
FirewallRules: [{883B1674-5AED-487A-945E-D2957EC073FC}] => LPort=2869
FirewallRules: [{9A1C08F8-6157-4C63-A017-B8E69EE84C1F}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{205F85D7-A84C-43DA-8592-92FC9F60D413}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{970CAC63-6963-487D-8DAF-AB3A199C917C}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7D6095B9-3730-4456-BC06-FFE9E81D3579}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14A29D62-1C22-45B3-ACBF-1960DB7AE503}] => C:\Program Files (x86)\Windows Optimizer\P5\winfix.exe
FirewallRules: [{9950C556-9B41-46B9-BDF3-549DAD7835CF}] => C:\Program Files (x86)\Windows Optimizer\P5\optimizer.exe
FirewallRules: [{AF5F0554-28FA-47AF-87B9-80220F9112F3}] => C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
FirewallRules: [{C8046388-79C4-46DD-A475-23A5B5CB2669}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{E223FD1D-CC7E-4BC5-95BF-EB47DFBDFE2B}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{FE773CE4-B1F4-4FDC-9723-15A185E113A3}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{837B0D13-BF6C-4C5A-8217-762009AB7391}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{C5A056D9-BD90-43C9-AF13-A068325DBF06}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{C1E54075-E02B-4889-8DC6-0D964EFD3AD0}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{C7A420E2-5ADB-4D47-A3DC-CA3D06296514}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{A1910632-AE55-4D00-BBFC-2EEA35471F81}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{A0B1FC51-23F6-4C14-8151-210024F87321}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{6837B1B8-D0D6-433A-BCF1-3146B5776903}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{9ACE7891-781C-4B87-9F20-CDD0C1A34200}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{7B20ABCB-0C39-4D4E-B264-DCE5D78A9215}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{D62EA439-CB0B-44DF-86F6-D5DA14514EED}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{3F21500A-DA47-4B34-9254-44DCC0A810F2}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{EBC53FE1-31A7-4966-B12D-E76B898EF8BE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{481912B3-3AA6-480E-9E19-BECA7DFF8D42}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{A2BB2487-E9D1-4919-90CE-03AE6699B742}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{63A15B98-4531-403D-9DBD-A1B81791861F}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{C04B73E2-4C5E-43DD-A535-5DB4B127A356}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{C7FE084D-77B0-4C94-9812-AEB997B14CDA}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{DD5A498E-A375-458D-989E-B624B93295AD}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{025EBDB4-AEE1-496E-BD14-E56CDBC91A50}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{C3B90C54-EF38-44A3-A063-23A0767C3EE6}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{887F448E-9615-43BC-88CE-F6D737BC8D36}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{C239B72D-20C9-40C3-966B-90F16554C85A}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{AE88A97A-C803-4B0C-A5E7-93731D0F7E60}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{D35A892B-BBE6-4122-BB83-7EC25868FADD}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{88B0DAF8-1E2E-4EA9-BFAA-C6FE71C351AC}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{6E305FFF-4D1E-4681-8A91-BB89F2F13987}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{E56D7F52-E8C2-48BE-BEC8-364D2AEE397E}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{84C6F5BE-3805-4188-8256-13A4260579F5}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{088C153D-8842-4CB0-8FE1-D013FB25FC15}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{6419A913-179E-48A4-8E8E-0ABE9429A8DE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{D222D0F3-5772-4261-A84E-1A2AF5F4A9EE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{948F86B7-5520-4414-9F49-7AF608BB9357}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{BA1DAE3D-496D-412E-AEEC-C96B4AC8C488}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{06D58F03-6C2F-4132-8C8F-519C7EA527EB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{904ED3E2-8802-4A7D-83EC-804EACA8051A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C102890-118B-42AE-A4DB-D2204E78BC60}] => C:\Users\Tanya\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F8F71059-A8D2-4A2D-9122-30E9CB515B26}] => C:\Users\Tanya\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F530BFB2-3322-43DF-94AE-299B44C23295}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-10-2016 17:40:49 ASU_MSI_TRAN
03-10-2016 18:39:04 Windows Modules Installer
17-10-2016 18:33:27 ASU_MSI_TRAN
21-10-2016 10:33:36 ASU_MSI_TRAN
22-11-2016 19:33:09 ASU_MSI_TRAN
13-01-2017 20:53:40 ASU_MSI_TRAN
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/02/2017 11:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0xaf0dc9da
Faulting process id: 0x1754
Faulting application start time: 0x01d27dd71dbdaa1e
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Faulting module path: unknown
Report Id: 5e466078-e9ca-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x1754
Faulting application start time: 0x01d27dd71dbdaa1e
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Report Id: 5e334d7f-e9ca-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0xaf0dc9da
Faulting process id: 0xfbc
Faulting application start time: 0x01d27dd6a220b0f6
Faulting application path: C:\Users\Tanya\AppData\Local\Temp\scoped_dir6024_7549\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: unknown
Report Id: e250fe79-e9c9-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0xfbc
Faulting application start time: 0x01d27dd6a220b0f6
Faulting application path: C:\Users\Tanya\AppData\Local\Temp\scoped_dir6024_7549\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\AppData\Local\Temp\scoped_dir6024_7549\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: e237cf05-e9c9-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x1754
Faulting application start time: 0x01d27dd6730faad7
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Report Id: b337058a-e9c9-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x14fc
Faulting application start time: 0x01d27dd3e9cdbfe4
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: 2947c9be-e9c7-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:13:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0xaf0dc9da
Faulting process id: 0x14ec
Faulting application start time: 0x01d27dd3dcd56fa0
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: unknown
Report Id: 1d617dde-e9c7-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 11:13:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x14ec
Faulting application start time: 0x01d27dd3dcd56fa0
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: 1d4c4488-e9c7-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2017 10:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x9d0
Faulting application start time: 0x01d27dcf4a13e32e
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: 8dc5181b-e9c2-11e6-bfa7-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/01/2017 04:23:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0xf20
Faulting application start time: 0x01d27cd16c80c5a4
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: af32aee2-e8c4-11e6-bfa6-08606e0242ec
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/11/2017 06:37:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/11/2017 06:37:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/11/2017 06:37:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/11/2017 06:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/11/2017 06:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/11/2017 06:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/11/2017 06:34:46 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (02/11/2017 06:34:46 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/11/2017 06:34:46 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (02/11/2017 06:31:25 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-01-29 21:35:04.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-29 21:35:04.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-29 21:35:03.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-24 00:00:41.566
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-24 00:00:41.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-24 00:00:41.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 11:48:13.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 11:48:13.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 11:48:12.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 11:48:09.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 3981.68 MB
Available physical RAM: 2293.9 MB
Total Virtual: 8333.68 MB
Available Virtual: 6552.55 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:76.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:258 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Please note wife is Russian so scans will show both languages :(
 

#2
RKinner

    Malware Expert
 
Go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions of Java (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 8 Update 101 
Java 8 Update 77 
 
Also uninstall 
 
Amazon Assistant (Foistware you got when you last updated Java)
Settings Manager (Not sure what it is but FRST doesn't like it)
 
She has something on her desktop called:   C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
No idea what it is but it creates an error when she tries to run it so it probably should be deleted.
 

 
Download the attached fixlist.txt to the same location as FRST
[attachment=83972:fixlist.txt]
 
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
     

    #3
    Cardoctork

    Is it OK to do this in safe mode, as that is how I was able to connect to the internet?

    Thanks


    #4
    RKinner

      Malware Expert

    Yes.  Should be fine.


    #5
    Cardoctork

    Did all those things. Had to remove the programs in normal Windows; it would not work in safe mode. Still cannot connect to the internet except in safe mode; the browser opens but shows the error message "dns not found".

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
    Ran by Tanya (12-02-2017 12:47:38) Run:1
    Running from C:\Users\Tanya\Desktop\frst
    Loaded Profiles: Tanya (Available Profiles: Tanya)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKLM-x32\...\Run: [baidusdTray] => "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe"  -stmd=3
    HKLM-x32\...\Run: [InstallUpdate] => 0
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\MountPoints2: {57d18287-74a1-11e4-beae-08606e0242ec} - "F:\LaunchU3.exe" -a
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\MountPoints2: {e10cdffc-1db8-11e6-bf2f-08606e0242ec} - "G:\AutoRun.exe" 
    HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Tanya\AppData\Roaming\Microsoft\Protect\d65556-b65556-34ce3848-8c3ee0-0bf0.rs" <===== ATTENTION
    HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Tanya\AppData\Roaming\Microsoft\Protect\d65556-b65556-34ce3848-8c3ee0-0bf0.rs" <===== ATTENTION
    ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} =>  -> No File
    ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} =>  -> No File
    ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} =>  -> No File
    ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} =>  -> No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
    SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_94c55f10_1201_1401_20160417_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> 
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
    FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\explugin\npBaiduSDDetectPlug.dll [No File]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-10-17] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-10-17] <==== ATTENTION
    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    S2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [100528 2017-02-01] ()
    S2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
    S2 BDKVRTP; "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe" -r [X]
    S1 bd0003; C:\WINDOWS\System32\DRIVERS\bd0003.sys [67400 2015-01-05] (Baidu)
    S2 BDArKit; C:\WINDOWS\System32\DRIVERS\BDArKit.sys [144712 2014-11-21] (Baidu Technology)
    2015-04-04 23:48 - 2015-04-04 23:50 - 0000172 ____H () C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat
    2015-04-04 23:48 - 2015-04-04 23:50 - 0000172 ____H () C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat
    2015-04-04 23:48 - 2015-02-27 13:13 - 0200992 ____H (Yandex) C:\Users\Tanya\AppData\Roaming\YаndехDiskStаrtеr.bаt.exe
    2015-04-04 23:48 - 2015-02-27 13:13 - 3978016 ____H (Yandex) C:\Users\Tanya\AppData\Roaming\YаndехDiskSсrееnshоtЕditоr.bаt.exe
    2015-04-05 00:27 - 2015-04-05 00:27 - 39537752 _____ (百度在线网络技术(北京)有限公司) C:\Users\Tanya\AppData\Local\Temp\BaiduAn.Setup.1117.4.0.0.516_1000161529.exe
    2015-04-05 00:13 - 2015-04-05 00:26 - 18064272 _____ (百度在线网络技术(北京)有限公司) C:\Users\Tanya\AppData\Local\Temp\Baidusd.Setup.3.0.0.4609.youqian_1000161529.exe
    2016-09-03 12:49 - 2016-09-03 12:50 - 1580445 _____ (                                                            ) C:\Users\Tanya\AppData\Local\Temp\bbf3b93e-5267-4f10-9a8d-6359eb7c50ff.exe
    2015-04-05 18:04 - 2014-12-03 21:08 - 0395784 _____ () C:\Users\Tanya\AppData\Local\Temp\BDABrowserProtectUnInstall.exe
    2015-10-13 13:12 - 2015-10-13 14:01 - 0821280 ____N () C:\Users\Tanya\AppData\Local\Temp\beeeheieij.exe
    2016-09-03 13:15 - 2016-09-03 13:15 - 0074057 _____ () C:\Users\Tanya\AppData\Local\Temp\ext_2.exe
    2016-09-03 12:51 - 2016-09-03 13:12 - 9567688 _____ () C:\Users\Tanya\AppData\Local\Temp\ext_4.exe
    2016-08-30 20:44 - 2016-08-30 20:45 - 0741440 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u101-windows-au.exe
    2015-03-09 11:25 - 2015-03-09 11:25 - 0561576 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u40-windows-au.exe
    2015-04-13 11:12 - 2015-04-13 11:12 - 0562088 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u45-windows-au.exe
    2016-03-21 10:12 - 2016-03-21 10:12 - 0736320 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u77-windows-au.exe
    2016-08-30 12:35 - 2016-08-30 12:35 - 9355264 _____ () C:\Users\Tanya\AppData\Local\Temp\MPCSetup_4.3.1.exe
    2016-08-30 07:08 - 2016-08-30 07:08 - 0348235 _____ (Wizzlabs                                                    ) C:\Users\Tanya\AppData\Local\Temp\NERPQ6UZKL.exe
    2015-07-23 14:51 - 2015-07-23 14:51 - 0023040 _____ () C:\Users\Tanya\AppData\Local\Temp\pylF703.tmp.exe
    2012-09-10 16:23 - 2012-09-10 16:23 - 0559528 _____ (Helge Klein) C:\Users\Tanya\AppData\Local\Temp\setacl.exe
    2016-08-30 06:45 - 2016-08-30 06:45 - 0548341 _____ () C:\Users\Tanya\AppData\Local\Temp\setup.exe
    2014-12-11 19:12 - 2016-05-15 20:57 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Tanya\AppData\Local\Temp\SkypeSetup.exe
    2016-08-30 12:35 - 2016-08-30 12:36 - 0308538 _____ (sunnyday                                                    ) C:\Users\Tanya\AppData\Local\Temp\THZT584M0E.exe
    2015-02-15 09:06 - 2015-02-22 23:41 - 0104178 _____ () C:\Users\Tanya\AppData\Local\Temp\Uninstall.exe
    2016-08-30 06:57 - 2016-08-30 06:58 - 0450032 _____ (Wizzlabs                                                    ) C:\Users\Tanya\AppData\Local\Temp\VNLN9XGDCY.exe
    2016-08-30 12:50 - 2016-08-30 12:50 - 0308538 _____ (sunnyday                                                    ) C:\Users\Tanya\AppData\Local\Temp\YBCF9EXFSD.exe
    2016-03-21 06:17 - 2016-03-21 06:17 - 0000000 _____ () C:\Users\Tanya\AppData\Local\Temp\{72FA825C-6A5C-4229-8CB7-4CA832BEE7A5}-49.0.2623.87_chrome_installer.exe
    Task: {A6EB1803-B8DE-493F-B1D9-F1E676272233} - \{7E040F47-7909-0504-0A11-04790909110F} -> No File <==== ATTENTION
    Task: {AFDE44D0-6D8B-45DA-AA4A-FFBC9E1BFA18} - \PastaQuotes -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlorеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chrome.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launсh Intеrnеt Ехplorеr Вrowsеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Exрlоrer Вrowsеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhrome.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhrоmе.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Sсrееnshоts in Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat () -> --"hxxp://photobytes.org/index.php?USA1"
    ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat () -> --"hxxp://photobytes.org/index.php?USA1"
    ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    FirewallRules: [{14A29D62-1C22-45B3-ACBF-1960DB7AE503}] => C:\Program Files (x86)\Windows Optimizer\P5\winfix.exe
    FirewallRules: [{9950C556-9B41-46B9-BDF3-549DAD7835CF}] => C:\Program Files (x86)\Windows Optimizer\P5\optimizer.exe
    FirewallRules: [{AF5F0554-28FA-47AF-87B9-80220F9112F3}] => C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
    FirewallRules: [{C8046388-79C4-46DD-A475-23A5B5CB2669}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
    FirewallRules: [{E223FD1D-CC7E-4BC5-95BF-EB47DFBDFE2B}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
    FirewallRules: [{FE773CE4-B1F4-4FDC-9723-15A185E113A3}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
    FirewallRules: [{837B0D13-BF6C-4C5A-8217-762009AB7391}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
    FirewallRules: [{C5A056D9-BD90-43C9-AF13-A068325DBF06}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
    FirewallRules: [{C1E54075-E02B-4889-8DC6-0D964EFD3AD0}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
    FirewallRules: [{C7A420E2-5ADB-4D47-A3DC-CA3D06296514}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
    FirewallRules: [{A1910632-AE55-4D00-BBFC-2EEA35471F81}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
    FirewallRules: [{A0B1FC51-23F6-4C14-8151-210024F87321}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
    FirewallRules: [{6837B1B8-D0D6-433A-BCF1-3146B5776903}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
    FirewallRules: [{9ACE7891-781C-4B87-9F20-CDD0C1A34200}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
    FirewallRules: [{7B20ABCB-0C39-4D4E-B264-DCE5D78A9215}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
    FirewallRules: [{D62EA439-CB0B-44DF-86F6-D5DA14514EED}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
    FirewallRules: [{3F21500A-DA47-4B34-9254-44DCC0A810F2}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
    FirewallRules: [{EBC53FE1-31A7-4966-B12D-E76B898EF8BE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
    FirewallRules: [{481912B3-3AA6-480E-9E19-BECA7DFF8D42}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
    FirewallRules: [{A2BB2487-E9D1-4919-90CE-03AE6699B742}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
    FirewallRules: [{63A15B98-4531-403D-9DBD-A1B81791861F}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
    FirewallRules: [{C04B73E2-4C5E-43DD-A535-5DB4B127A356}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
    FirewallRules: [{C7FE084D-77B0-4C94-9812-AEB997B14CDA}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
    FirewallRules: [{DD5A498E-A375-458D-989E-B624B93295AD}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
    FirewallRules: [{025EBDB4-AEE1-496E-BD14-E56CDBC91A50}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
    FirewallRules: [{C3B90C54-EF38-44A3-A063-23A0767C3EE6}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
    FirewallRules: [{887F448E-9615-43BC-88CE-F6D737BC8D36}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
    FirewallRules: [{C239B72D-20C9-40C3-966B-90F16554C85A}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
    FirewallRules: [{AE88A97A-C803-4B0C-A5E7-93731D0F7E60}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
    FirewallRules: [{D35A892B-BBE6-4122-BB83-7EC25868FADD}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
    FirewallRules: [{88B0DAF8-1E2E-4EA9-BFAA-C6FE71C351AC}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
    FirewallRules: [{6E305FFF-4D1E-4681-8A91-BB89F2F13987}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
    FirewallRules: [{E56D7F52-E8C2-48BE-BEC8-364D2AEE397E}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
    FirewallRules: [{84C6F5BE-3805-4188-8256-13A4260579F5}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
    FirewallRules: [{088C153D-8842-4CB0-8FE1-D013FB25FC15}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
    FirewallRules: [{6419A913-179E-48A4-8E8E-0ABE9429A8DE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
    FirewallRules: [{D222D0F3-5772-4261-A84E-1A2AF5F4A9EE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
    FirewallRules: [{948F86B7-5520-4414-9F49-7AF608BB9357}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
    FirewallRules: [{BA1DAE3D-496D-412E-AEEC-C96B4AC8C488}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
    FirewallRules: [{1C102890-118B-42AE-A4DB-D2204E78BC60}] => C:\Users\Tanya\AppData\Local\Temp\MPCOnline\MPCDownload.exe
    FirewallRules: [{F8F71059-A8D2-4A2D-9122-30E9CB515B26}] => C:\Users\Tanya\AppData\Local\Temp\MPCOnline\MPCDownload.exe
    EmptyTemp:
    CMD: sfc /scanfile=C:\WINDOWS\system32\dnsapi.dll
    CMD: sfc /scanfile=C:\WINDOWS\SysWOW64\dnsapi.dll
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************
     
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\baidusdTray => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InstallUpdate => value removed successfully
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57d18287-74a1-11e4-beae-08606e0242ec} => key removed successfully
    HKCR\CLSID\{57d18287-74a1-11e4-beae-08606e0242ec} => key not found. 
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e10cdffc-1db8-11e6-bf2f-08606e0242ec} => key removed successfully
    HKCR\CLSID\{e10cdffc-1db8-11e6-bf2f-08606e0242ec} => key not found. 
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0YndCase0Sync => key removed successfully
    HKCR\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9} => key not found. 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0YndCase1Modified => key removed successfully
    HKCR\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => key not found. 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0YndCase2Error => key removed successfully
    HKCR\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => key not found. 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0YndCase3Shared => key removed successfully
    HKCR\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169} => key not found. 
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key removed successfully
    HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found. 
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key removed successfully
    HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found. 
    Firefox SelectedSearchEngine removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin => key removed successfully
    C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js => moved successfully
    C:\Program Files (x86)\mozilla firefox\cfg => moved successfully
    Chrome HomePage => removed successfully
    Chrome StartupUrls => removed successfully
    Chrome DefaultSearchURL => removed successfully
    Chrome DefaultSearchKeyword => removed successfully
    Chrome DefaultSuggestURL => removed successfully
    Amazon Assistant Service => service not found.
    HKLM\System\CurrentControlSet\Services\BaiduHips => key removed successfully
    BaiduHips => service removed successfully
    HKLM\System\CurrentControlSet\Services\BDKVRTP => key removed successfully
    BDKVRTP => service removed successfully
    bd0003 => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\bd0003 => key removed successfully
    bd0003 => service removed successfully
    BDArKit => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\BDArKit => key removed successfully
    BDArKit => service removed successfully
    C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat => moved successfully
    C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat => moved successfully
    C:\Users\Tanya\AppData\Roaming\YаndехDiskStаrtеr.bаt.exe => moved successfully
    C:\Users\Tanya\AppData\Roaming\YаndехDiskSсrееnshоtЕditоr.bаt.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\BaiduAn.Setup.1117.4.0.0.516_1000161529.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\Baidusd.Setup.3.0.0.4609.youqian_1000161529.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\bbf3b93e-5267-4f10-9a8d-6359eb7c50ff.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\BDABrowserProtectUnInstall.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\beeeheieij.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\ext_2.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\ext_4.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\jre-8u40-windows-au.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\MPCSetup_4.3.1.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\NERPQ6UZKL.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\pylF703.tmp.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\setacl.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\setup.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\SkypeSetup.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\THZT584M0E.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\Uninstall.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\VNLN9XGDCY.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\YBCF9EXFSD.exe => moved successfully
    C:\Users\Tanya\AppData\Local\Temp\{72FA825C-6A5C-4229-8CB7-4CA832BEE7A5}-49.0.2623.87_chrome_installer.exe => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6EB1803-B8DE-493F-B1D9-F1E676272233} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6EB1803-B8DE-493F-B1D9-F1E676272233} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E040F47-7909-0504-0A11-04790909110F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFDE44D0-6D8B-45DA-AA4A-FFBC9E1BFA18} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFDE44D0-6D8B-45DA-AA4A-FFBC9E1BFA18} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found. 
    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlorеr.lnk => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chrome.lnk => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launсh Intеrnеt Ехplorеr Вrowsеr.lnk => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Exрlоrer Вrowsеr.lnk => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhrome.lnk => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhrоmе.lnk => moved successfully
    C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
    C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Sсrееnshоts in Yаndех.Disk.lnk => Shortcut argument removed successfully.
    C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Yаndех.Disk.lnk => Shortcut argument removed successfully.
    C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
    C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14A29D62-1C22-45B3-ACBF-1960DB7AE503} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9950C556-9B41-46B9-BDF3-549DAD7835CF} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF5F0554-28FA-47AF-87B9-80220F9112F3} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8046388-79C4-46DD-A475-23A5B5CB2669} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E223FD1D-CC7E-4BC5-95BF-EB47DFBDFE2B} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE773CE4-B1F4-4FDC-9723-15A185E113A3} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{837B0D13-BF6C-4C5A-8217-762009AB7391} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5A056D9-BD90-43C9-AF13-A068325DBF06} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1E54075-E02B-4889-8DC6-0D964EFD3AD0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7A420E2-5ADB-4D47-A3DC-CA3D06296514} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1910632-AE55-4D00-BBFC-2EEA35471F81} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0B1FC51-23F6-4C14-8151-210024F87321} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6837B1B8-D0D6-433A-BCF1-3146B5776903} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ACE7891-781C-4B87-9F20-CDD0C1A34200} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B20ABCB-0C39-4D4E-B264-DCE5D78A9215} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D62EA439-CB0B-44DF-86F6-D5DA14514EED} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F21500A-DA47-4B34-9254-44DCC0A810F2} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBC53FE1-31A7-4966-B12D-E76B898EF8BE} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{481912B3-3AA6-480E-9E19-BECA7DFF8D42} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2BB2487-E9D1-4919-90CE-03AE6699B742} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63A15B98-4531-403D-9DBD-A1B81791861F} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C04B73E2-4C5E-43DD-A535-5DB4B127A356} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7FE084D-77B0-4C94-9812-AEB997B14CDA} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD5A498E-A375-458D-989E-B624B93295AD} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{025EBDB4-AEE1-496E-BD14-E56CDBC91A50} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3B90C54-EF38-44A3-A063-23A0767C3EE6} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{887F448E-9615-43BC-88CE-F6D737BC8D36} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C239B72D-20C9-40C3-966B-90F16554C85A} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE88A97A-C803-4B0C-A5E7-93731D0F7E60} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D35A892B-BBE6-4122-BB83-7EC25868FADD} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88B0DAF8-1E2E-4EA9-BFAA-C6FE71C351AC} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E305FFF-4D1E-4681-8A91-BB89F2F13987} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E56D7F52-E8C2-48BE-BEC8-364D2AEE397E} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84C6F5BE-3805-4188-8256-13A4260579F5} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{088C153D-8842-4CB0-8FE1-D013FB25FC15} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6419A913-179E-48A4-8E8E-0ABE9429A8DE} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D222D0F3-5772-4261-A84E-1A2AF5F4A9EE} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{948F86B7-5520-4414-9F49-7AF608BB9357} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA1DAE3D-496D-412E-AEEC-C96B4AC8C488} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C102890-118B-42AE-A4DB-D2204E78BC60} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8F71059-A8D2-4A2D-9122-30E9CB515B26} => value removed successfully
     
    ========= sfc /scanfile=C:\WINDOWS\system32\dnsapi.dll =========
     
     
     
     
    Windows Resource Protection found corrupt files and successfully repaired
    them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
    example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
    supported in offline servicing scenarios.
     
     
     
    The system file repair changes will take effect after the next reboot.
     
     
    ========= End of CMD: =========
     
     
    ========= sfc /scanfile=C:\WINDOWS\SysWOW64\dnsapi.dll =========
     
     
     
     
    There is a system repair pending which requires reboot to complete.  Restart
    Windows and run sfc again.
     
     
    ========= End of CMD: =========
     
     
    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
     
    Failed to clear log Microsoft-Windows-DxpTaskRingtone/Analytic. The system cannot find the file specified.
    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
     
    ========= End of CMD: =========
     
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25391249 B
    Java, Flash, Steam htmlcache => 25172933 B
    Windows/system/drivers => 151907777 B
    Edge => 0 B
    Chrome => 94216906 B
    Firefox => 361340159 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 21409920 B
    systemprofile32 => 20827845 B
    LocalService => 855768 B
    NetworkService => 89791802 B
    Tanya => 16462961607 B
     
    RecycleBin => 0 B
    EmptyTemp: => 16.1 GB temporary data Removed.
     
    ================================
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 12:55:07 ====
     
    # AdwCleaner v6.043 - Logfile created 12/02/2017 at 13:14:10
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-01-27.1 [Local]
    # Operating System : Windows 8.1  (X64)
    # Username : Tanya - TATIANA
    # Running from : C:\Users\Tanya\Desktop\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
     
     
    ***** [ Folders ] *****
     
    [-] Folder deleted: C:\ProgramData\167d917200002285
    [-] Folder deleted: C:\ProgramData\6edc59c2000077b4
    [-] Folder deleted: C:\ProgramData\7f5c9a9a00004113
    [-] Folder deleted: C:\ProgramData\d1d1ec780000380a
    [-] Folder deleted: C:\ProgramData\GOSaive
    [-] Folder deleted: C:\ProgramData\{8198c5da-ff24-6d6c-8198-8c5daff2176b}
    [-] Folder deleted: C:\ProgramData\{89ad1d35-030b-337a-89ad-d1d3503074d4}
    [-] Folder deleted: C:\Users\Tanya\AppData\Local\globalUpdate
    [-] Folder deleted: C:\Users\Tanya\AppData\Local\StormAlerts
    [-] Folder deleted: C:\Users\Tanya\AppData\Local\torch
    [-] Folder deleted: C:\Users\Tanya\AppData\Roaming\ap_logs
    [-] Folder deleted: C:\Users\Tanya\AppData\Roaming\SkypEmoticons
    [-] Folder deleted: C:\Users\Tanya\AppData\Roaming\VK OK AdBlock
    [-] Folder deleted: C:\Users\Tanya\AppData\Roaming\Geunfy
    [-] Folder deleted: C:\Program Files\pclient
    [-] Folder deleted: C:\Program Files\YhidUn
    [-] Folder deleted: C:\ProgramData\Trusted Publisher
    [-] Folder deleted: C:\ProgramData\WindowsMsg
    [#] Folder deleted on reboot: C:\ProgramData\trusted publisher
    [-] Folder deleted: C:\ProgramData\RenewalService
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Trusted Publisher
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\WindowsMsg
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\trusted publisher
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\RenewalService
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ttwifi
    [-] Folder deleted: C:\Program Files (x86)\globalUpdate
    [-] Folder deleted: C:\Program Files (x86)\WebShield
    [-] Folder deleted: C:\Program Files (x86)\mpck
    [-] Folder deleted: C:\Program Files (x86)\DPower
    [-] Folder deleted: C:\uninst
    [-] Folder deleted: C:\Program Files (x86)\host
    [#] Folder deleted on reboot: C:\Program Files (x86)\DPower
     
     
    ***** [ Files ] *****
     
    [-] File deleted: C:\WINDOWS\SysNative\drivers\bd0003.sys
    [-] File deleted: C:\WINDOWS\SysNative\drivers\BDArKit.SYS
    [-] File deleted: C:\END
    [-] File deleted: C:\iехplоrе.bаt.exe
    [-] File deleted: C:\firеfох.bаt.exe
    [-] File deleted: C:\WINDOWS\SysWOW64\drivers\bd0001.sys
    [-] File deleted: C:\WINDOWS\SysWOW64\drivers\bd0002.sys
    [-] File deleted: C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\invalidprefs.js
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
     
     
    ***** [ Registry ] *****
     
    [-] Key deleted: HKLM\SOFTWARE\f0907333-762c-09f5-d980-917b9608c841
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
    [-] Key deleted: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
    [-] Key deleted: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
    [-] Key deleted: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    [-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{00890530-6A9F-4BE2-B1BB-73F01E2BB986}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B08006D8-1D22-458E-9370-F459542E5AF2}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B7298E57-3046-4F2A-B8C6-78CC8A60020C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CB747D69-2EE7-40C0-BE35-BA6ED3EEA8A3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DB559C6A-03B9-4961-9BC3-80D769710C2D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{00890530-6A9F-4BE2-B1BB-73F01E2BB986}]
    [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
    [-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\csdimedia
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\DAILYPCCLEAN
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\GlobalUpdate
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Linkey
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Tinstalls
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Softonic
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\WEBAPP
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\ttwifi
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\INSTALLPATH\STATUS
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\AppDataLow\Software\TheBestDeals
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
    [#] Key deleted on reboot: HKCU\Software\csdimedia
    [#] Key deleted on reboot: HKCU\Software\DAILYPCCLEAN
    [#] Key deleted on reboot: HKCU\Software\GlobalUpdate
    [#] Key deleted on reboot: HKCU\Software\Linkey
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls
    [#] Key deleted on reboot: HKCU\Software\Softonic
    [#] Key deleted on reboot: HKCU\Software\WEBAPP
    [#] Key deleted on reboot: HKCU\Software\ttwifi
    [#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Yhid
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\TheBestDeals
    [-] Key deleted: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    [-] Key deleted: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Key deleted: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    [-] Key deleted: HKLM\SOFTWARE\csdimedia
    [-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
    [-] Key deleted: HKLM\SOFTWARE\MPC
    [-] Key deleted: HKLM\SOFTWARE\NpApp
    [-] Key deleted: HKLM\SOFTWARE\SearchModule
    [-] Key deleted: HKLM\SOFTWARE\TermTutor
    [-] Key deleted: HKLM\SOFTWARE\Xtp
    [-] Key deleted: HKLM\SOFTWARE\WorldOfBooks
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [#] Key deleted on reboot: [x64] HKCU\Software\csdimedia
    [#] Key deleted on reboot: [x64] HKCU\Software\DAILYPCCLEAN
    [#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
    [#] Key deleted on reboot: [x64] HKCU\Software\Linkey
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls
    [#] Key deleted on reboot: [x64] HKCU\Software\Softonic
    [#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
    [#] Key deleted on reboot: [x64] HKCU\Software\ttwifi
    [#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\TheBestDeals
    [-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
    [-] Key deleted: [x64] HKLM\SOFTWARE\Xtp
    [-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
    [-] Data restored: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\Main [Search Page] 
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] 
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] 
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] 
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] 
    [-] Key deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    [-] Data restored: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playnicegames.online
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\video.hi.ru
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playnicegames.online
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\video.hi.ru
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ap]
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ap]
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ConvertAd]
    [-] Value deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
    [-] Value deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [se]
    [-] Value deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Caster]
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]
    [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [DiskPower]
    [-] Value deleted: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WinResSync]
    [-] Key deleted: HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BDShellExt.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    [-] Key deleted: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\BDShellExt
    [-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BDShellExt
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
     
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
    [-] [C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: feed.sonic-search.com
    [-] [C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-searching.com
    [-] [C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jlcgehabolcakkjhgmgpkagpolbjlhfa
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [18116 Bytes] - [12/02/2017 13:14:10]
    C:\AdwCleaner\AdwCleaner[S0].txt - [17431 Bytes] - [12/02/2017 13:05:49]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18264 Bytes] ##########
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 8.1 x64 
    Ran by Tanya (Administrator) on Sun 02/12/2017 at 13:20:57.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 5 
     
    Successfully deleted: C:\Users\Tanya\AppData\Local\installer (Folder) 
    Successfully deleted: C:\Users\Tanya\Appdata\LocalLow\company (Folder) 
    Successfully deleted: C:\Users\Tanya\AppData\Roaming\spi (Folder) 
    Successfully deleted: C:\Users\Tanya\AppData\Local\nss59B4.tmp (File) 
    Successfully deleted: C:\Users\Tanya\AppData\Local\nsu6CA4.tmp (File) 
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/12/2017 at 13:23:54.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
    Ran by Tanya (administrator) on TATIANA (12-02-2017 13:27:15)
    Running from C:\Users\Tanya\Desktop\frst
    Loaded Profiles: Tanya (Available Profiles: Tanya)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
    HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
    HKLM\...\Run: [CTFMon] => C:\Windows\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Run: [MaxTorrent] => "C:\Users\Tanya\AppData\Roaming\MaxTorrent\mtupdate.exe"
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{7B67062E-E4B7-48B8-88A2-763CD6AB783D}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{939DFE1E-2A49-48AC-9F2C-DE71CFE7086A}: [NameServer] 208.67.220.220,208.67.222.222
    Tcpip\..\Interfaces\{939DFE1E-2A49-48AC-9F2C-DE71CFE7086A}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
    SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 [2017-02-12]
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> Google
    FF Homepage: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> www.google.com
    FF Extension: (Firefox Hotfix) - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
    FF Extension: (Adblock Plus) - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-20]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-02]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-02]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-10] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-10] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-637781413-3999183602-1061426373-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tanya\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
    CHR Extension: (Google Slides) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-18]
    CHR Extension: (Google Docs) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]
    CHR Extension: (Google Drive) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
    CHR Extension: (Adblock Plus) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
    CHR Extension: (Google Search) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
    CHR Extension: (Google Sheets) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-18]
    CHR Extension: (Google Docs Offline) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Gmail) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]
    CHR Extension: (Chrome Media Router) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
    CHR HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bollcafdnolnlnooclcfehjgcbbpabao] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gjndibjblceakamilagmcappediilefl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-08] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
    S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
    R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
    R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-09-24] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-09-24] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-02-12 13:23 - 2017-02-12 13:23 - 00000908 _____ C:\Users\Tanya\Desktop\JRT.txt
    2017-02-12 13:16 - 2017-02-12 13:16 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-02-12 12:59 - 2017-02-12 13:14 - 00000000 ____D C:\AdwCleaner
    2017-02-12 12:16 - 2017-02-12 12:16 - 01663040 _____ (Malwarebytes) C:\Users\Tanya\Desktop\JRT.exe
    2017-02-12 12:14 - 2017-02-12 12:14 - 04015056 _____ C:\Users\Tanya\Desktop\AdwCleaner.exe
    2017-02-12 12:12 - 2017-02-12 13:27 - 00000000 ____D C:\Users\Tanya\Desktop\frst
    2017-02-12 12:11 - 2017-02-12 12:11 - 00000000 ____D C:\Users\Tanya\Desktop\FRST-OlderVersion
    2017-02-12 12:09 - 2017-02-12 12:09 - 00031458 _____ C:\Users\Tanya\Downloads\fixlist.txt
    2017-02-12 11:52 - 2017-02-12 11:52 - 00001870 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Antivirus.lnk
    2017-02-11 18:34 - 2017-02-11 18:38 - 00042519 _____ C:\Users\Tanya\Desktop\Addition.txt
    2017-02-11 18:30 - 2017-02-12 13:27 - 00000000 ____D C:\FRST
    2017-02-11 18:30 - 2017-02-11 18:38 - 00036457 _____ C:\Users\Tanya\Desktop\FRST.txt
    2017-02-10 14:14 - 2017-02-10 14:19 - 07517654 _____ C:\Users\Tanya\Downloads\Grammaire_progressive_du_fran_231_ais_avanc_233.pdf
    2017-02-10 14:13 - 2017-02-10 14:14 - 01092341 _____ C:\Users\Tanya\Downloads\Corrig_233_s_Grammaire_progressive_du_francais_avanc_233.pdf
    2017-02-08 17:17 - 2017-02-08 17:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-02-08 17:17 - 2017-02-08 17:14 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-02-08 17:17 - 2017-02-08 17:14 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-02-08 17:17 - 2017-02-08 17:14 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-02-08 17:17 - 2017-02-08 17:14 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-02-08 17:16 - 2017-02-08 17:16 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2017-01-23 22:34 - 2017-01-23 22:34 - 00059904 _____ C:\Users\Tanya\Desktop\New Microsoft Office Publisher Document.pub
    2017-01-21 00:35 - 2017-01-21 00:35 - 04047762 _____ C:\Users\Tanya\BEST FOOD for Runners.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-02-12 13:23 - 2013-11-09 18:58 - 00000000 ____D C:\Users\Tanya\AppData\Roaming\Skype
    2017-02-12 13:21 - 2013-04-14 06:27 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-637781413-3999183602-1061426373-1001
    2017-02-12 13:20 - 2014-09-24 02:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-12 13:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
    2017-02-12 13:16 - 2013-04-14 06:22 - 00000515 _____ C:\Users\Tanya\AppData\Roaming\sp_data.sys
    2017-02-12 13:15 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-12 12:54 - 2013-11-07 16:29 - 00000000 ____D C:\Users\Tanya\AppData\LocalLow\Temp
    2017-02-12 12:47 - 2016-03-22 20:47 - 00001063 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-12 12:47 - 2016-02-12 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-12 12:47 - 2015-11-04 18:48 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-02-12 12:47 - 2015-10-18 14:47 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-12 12:47 - 2015-10-18 14:47 - 00002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-02-12 12:47 - 2015-10-13 13:07 - 00001170 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-02-12 12:47 - 2015-03-22 17:28 - 00000000 ____D C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
    2017-02-12 12:13 - 2016-03-22 18:06 - 01176464 _____ C:\WINDOWS\ntbtlog.txt
    2017-02-11 21:40 - 2014-10-22 15:27 - 00000000 ____D C:\Users\Tanya
    2017-02-11 16:39 - 2015-08-25 19:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-11 13:33 - 2016-12-23 09:54 - 00001278 _____ C:\Users\Tanya\Desktop\Rosetta Stone DEMO 2.1.3.0S.lnk
    2017-02-11 13:33 - 2016-10-14 22:53 - 00001255 _____ C:\Users\Public\Desktop\Ultimate French.lnk
    2017-02-11 13:33 - 2016-10-02 15:13 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-02-11 13:33 - 2016-10-02 15:12 - 00001183 _____ C:\Users\Tanya\Desktop\Avast SafeZone Browser.lnk
    2017-02-11 13:33 - 2016-10-02 15:12 - 00001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-02-11 13:33 - 2015-11-04 20:24 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2017-02-11 13:33 - 2015-05-15 17:00 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2017-02-11 13:33 - 2014-10-22 15:27 - 00000445 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2017-02-11 13:33 - 2014-10-22 15:27 - 00000443 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2017-02-11 13:33 - 2014-04-24 10:50 - 00002015 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2017-02-11 13:33 - 2012-11-06 14:31 - 00002607 _____ C:\Users\Public\Desktop\ASUS Instant Connect Installer.lnk
    2017-02-11 13:33 - 2012-11-06 14:30 - 00001944 _____ C:\Users\Public\Desktop\ASUS Product Demo Movie.Lnk
    2017-02-11 13:33 - 2012-11-06 14:29 - 00000710 _____ C:\Users\Public\Desktop\eManual.Lnk
    2017-02-11 13:33 - 2012-11-06 14:28 - 00002595 _____ C:\Users\Public\Desktop\ASUS InstantOn.lnk
    2017-02-11 13:33 - 2012-11-06 14:14 - 00001628 _____ C:\Users\Public\Desktop\ASUS Install.lnk
    2017-02-11 13:23 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\System
    2017-02-11 11:57 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2017-02-11 00:04 - 2016-08-05 10:51 - 00000000 ____D C:\Users\Tanya\Таня
    2017-02-10 23:56 - 2013-07-18 12:42 - 00000000 ____D C:\Users\Tanya\PHOTOS
    2017-02-10 23:53 - 2013-09-08 00:18 - 00000000 ____D C:\Users\Tanya\Mr. Kauffman
    2017-02-10 23:49 - 2016-02-07 11:36 - 00000000 ____D C:\Users\Tanya\Narnia
    2017-02-10 23:46 - 2014-02-19 11:53 - 00000000 ____D C:\Users\Tanya\Mom's Stuff
    2017-02-10 22:37 - 2014-12-15 02:40 - 00000000 ____D C:\Users\Tanya\Desktop\ART
    2017-02-10 22:31 - 2016-08-23 13:41 - 00000000 ____D C:\Users\Tanya\Desktop\IPFE FALL 2016
    2017-02-10 21:26 - 2013-10-21 15:07 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-02-10 21:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-02-10 21:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-02-10 19:39 - 2013-04-14 06:45 - 00000000 ____D C:\Users\Tanya\AppData\Local\ElevatedDiagnostics
    2017-02-10 19:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-02-10 18:52 - 2016-10-02 15:09 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
    2017-02-10 18:51 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Skype
    2017-02-10 18:45 - 2016-10-02 15:12 - 00003890 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1475439140
    2017-02-10 15:40 - 2015-09-23 18:48 - 00000000 ____D C:\Users\Tanya\CATS
    2017-02-10 15:07 - 2015-02-23 20:45 - 00000000 ____D C:\Users\Tanya\Desktop\МОЛОДОСТЬ
    2017-02-10 14:58 - 2014-07-19 20:28 - 00000000 ____D C:\Users\Tanya\Desktop\Le Francaise
    2017-02-08 21:41 - 2015-02-27 19:26 - 00000000 ____D C:\Users\Tanya\Desktop\Здоровие
    2017-02-08 21:31 - 2015-04-07 15:04 - 00000000 ____D C:\Users\Tanya\Desktop\WRITING
    2017-02-08 17:16 - 2016-10-02 15:09 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-02-08 17:16 - 2016-10-02 15:09 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-02-08 17:16 - 2016-10-02 15:09 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-02-08 17:16 - 2016-10-02 15:09 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-02-08 17:16 - 2016-10-02 15:09 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-02-08 17:16 - 2016-10-02 15:09 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-02-08 17:15 - 2016-10-02 15:09 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-02-08 17:15 - 2016-10-02 15:09 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-02-08 14:40 - 2014-03-03 06:21 - 00000000 ____D C:\Users\Tanya\Poetry
    2017-02-07 20:49 - 2017-01-11 19:44 - 00000000 ____D C:\Users\Tanya\Desktop\SPRING   2017
    2017-02-05 00:43 - 2014-05-02 16:24 - 00000000 ____D C:\Users\Tanya\Desktop\THINKING
    2017-02-02 23:40 - 2014-11-06 23:10 - 00000000 ____D C:\Users\Tanya\Desktop\Les Livres
    2017-02-02 23:35 - 2013-09-25 15:48 - 00000000 ____D C:\Users\Tanya\AppData\Local\Adobe
    2017-02-02 18:29 - 2013-11-09 18:58 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-02-01 09:36 - 2016-03-19 20:00 - 00000000 ____D C:\Users\Tanya\IPFW Spring 2016
    2017-01-30 20:33 - 2014-03-01 07:17 - 00000000 ____D C:\Users\Tanya\Письма
    2017-01-21 19:56 - 2014-09-17 09:37 - 00000000 ____D C:\Users\Tanya\Poetry-1
    2017-01-21 10:14 - 2015-08-25 22:41 - 00000000 ____D C:\Users\Tanya\Desktop\RFI
    2017-01-17 08:38 - 2015-01-22 01:47 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-01-16 08:46 - 2014-09-22 09:51 - 00000000 ____D C:\Users\Tanya\Desktop\La Bible
    2017-01-16 07:42 - 2015-12-27 13:56 - 00000000 ____D C:\Users\Tanya\Desktop\MY PHOTOS
    2017-01-16 07:39 - 2015-01-09 00:39 - 00000000 ____D C:\Users\Tanya\PHOTOS  for pringing
    2017-01-15 21:45 - 2015-11-21 16:19 - 00000000 ____D C:\Users\Tanya\Finances
     
    ==================== Files in the root of some directories =======
     
    2016-08-30 06:58 - 2016-08-30 12:34 - 0138240 _____ () C:\Users\Tanya\AppData\Roaming\Installer.dat
    2013-09-04 18:30 - 2013-09-04 18:30 - 0000021 _____ () C:\Users\Tanya\AppData\Roaming\my_intel.sys
    2016-08-30 07:09 - 2016-08-30 07:05 - 0699904 _____ () C:\Users\Tanya\AppData\Roaming\Roundair.exe
    2013-04-14 06:22 - 2017-02-12 13:16 - 0000515 _____ () C:\Users\Tanya\AppData\Roaming\sp_data.sys
    2014-03-14 18:58 - 2014-10-11 19:08 - 0000110 _____ () C:\Users\Tanya\AppData\Roaming\WB.CFG
    2013-09-04 18:59 - 2015-01-26 12:54 - 0012288 _____ () C:\Users\Tanya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-23 14:47 - 2014-06-23 14:47 - 0000864 _____ () C:\Users\Tanya\AppData\Local\recently-used.xbel
    2015-04-11 11:24 - 2015-04-21 18:42 - 0011746 _____ () C:\Users\Tanya\AppData\Local\Temp-log.txt
    2016-08-30 06:49 - 2016-08-30 06:49 - 0000001 _____ () C:\ProgramData\1111_ver.txt
    2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
    2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll
    [2014-09-24 02:50] - [2014-09-24 02:50] - 0494592 ____A () D41D8CD98F00B204E9800998ECF8427E
     
    C:\WINDOWS\SysWOW64\dnsapi.dll => no Company Name <===== ATTENTION
     
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2014-10-22 15:18
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
    Ran by Tanya (12-02-2017 13:32:13)
    Running from C:\Users\Tanya\Desktop\frst
    Windows 8.1 (Update) (X64) (2014-10-22 20:33:22)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-637781413-3999183602-1061426373-500 - Administrator - Disabled)
    Guest (S-1-5-21-637781413-3999183602-1061426373-501 - Limited - Disabled)
    Tanya (S-1-5-21-637781413-3999183602-1061426373-1001 - Administrator - Enabled) => C:\Users\Tanya
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.19) - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Amazon Kindle) (Version:  - Amazon)
    ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
    ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
    ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
    paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
    Rosetta Stone DEMO 2.1.3.0S (HKLM-x32\...\Rosetta Stone DEMO 2.1.3.0S) (Version: 2.1.3.0 - Fairfield Language Technologies)
    SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
    Ultimate French 2.0 (HKLM-x32\...\Ultimate French) (Version: 2.0 - McGraw-Hill)
    Unity Web Player (HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {487634CA-B431-4E58-8D8E-BC961596502C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
    Task: {7CDA632D-4BCA-42CC-BBD5-D3AD39985E4C} - System32\Tasks\SafeZone scheduled Autoupdate 1475439140 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
    Task: {95FFE0D9-15EE-428D-BFC5-8204D2462436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
    Task: {9F4EA482-625C-4A9D-9BD5-1B6587D76C67} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
    Task: {AA9EE4DC-C49F-4A00-88C5-3E6C3E48B7A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-31] (Microsoft Corporation)
    Task: {ABE250B9-F3EA-44A4-885E-F8A099203251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
    Task: {ADCAD85C-12E8-48FC-BFC0-DC6545696E99} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
    Task: {BD245B97-645C-404D-80D4-4E8BB35D98C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-10] (Adobe Systems Incorporated)
    Task: {EBCDF38D-5FB1-41F4-A236-EE20CED88764} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
    Task: {F82BE19B-CE32-4F51-AD19-4889DFE8727B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {F9C587FD-FF94-44FB-9477-B3EFF928022C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
    Task: {FB8B4518-AE8F-42EC-8FD6-D92C992F0D19} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
    Task: {FF2001C0-E9B3-426E-BFF9-8DF8BE436CE5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Sсrееnshоts in Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat (No File)
    Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat (No File)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2017-02-08 17:16 - 2017-02-08 17:16 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-10-02 15:08 - 2016-10-02 15:08 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-02-08 17:14 - 2017-02-08 17:14 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-02-08 17:16 - 2017-02-08 17:16 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE restricted site: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\safefinder.com -> hxxp://search.safefinder.com
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 08:25 - 2017-02-11 13:21 - 00001212 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tanya\Documents\paris-wallpaper-hd-21.jpg
    DNS Servers: 208.67.220.220 - 208.67.222.222
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\StartupFolder: => "FreeDownloadmanager.exe"
    HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\Run: => "IJDS4PPVLI"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{C98731A5-C8FA-4E8E-8008-AF33A706C83B}] => C:\Program Files (x86)\Windows Network Accelerater\v1\winvxm.exe
    FirewallRules: [{B6A37033-8D03-472C-B10E-1B515B8F6CC6}] => C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe
    FirewallRules: [{55C68AE0-5D43-494B-840D-95498499B6C7}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{329403EB-9F4C-452A-BE72-E2782A08988C}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{61832BE2-D1E3-4E5C-B193-279E6EF25F47}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0343F5D7-0AC7-4D5C-B08E-25D471CB24A6}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{5D578F2B-EF11-470F-82B5-8E5F7C0D3DD1}] => C:\Program Files (x86)\Heroes & Generals\live\hng.exe
    FirewallRules: [{34CAADBC-2A77-4C0D-BBF7-AA99AC6417DD}] => C:\Program Files (x86)\Heroes & Generals\live\hng.exe
    FirewallRules: [UDP Query User{17ED0570-3D0E-485E-B71E-8E9BA514EB18}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{9C5D44BC-8CF2-4DD3-8B36-C0F6759DD4BC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [{E270B61A-E26E-4B21-ACEA-5FC8D5EBAC1D}] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{8F914B7B-DD7C-4C35-B75A-1EAAA41E6EB2}] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{9D45DB0A-A941-44A9-A46C-7FA81D947E73}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D4848034-588D-4CFF-824A-EA5971C1CCE0}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{675C6D46-CF9F-446B-907E-A00794535B3E}] => LPort=1900
    FirewallRules: [{883B1674-5AED-487A-945E-D2957EC073FC}] => LPort=2869
    FirewallRules: [{9A1C08F8-6157-4C63-A017-B8E69EE84C1F}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{205F85D7-A84C-43DA-8592-92FC9F60D413}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{970CAC63-6963-487D-8DAF-AB3A199C917C}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{7D6095B9-3730-4456-BC06-FFE9E81D3579}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{06D58F03-6C2F-4132-8C8F-519C7EA527EB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{904ED3E2-8802-4A7D-83EC-804EACA8051A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F530BFB2-3322-43DF-94AE-299B44C23295}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    17-10-2016 18:33:27 ASU_MSI_TRAN
    21-10-2016 10:33:36 ASU_MSI_TRAN
    22-11-2016 19:33:09 ASU_MSI_TRAN
    13-01-2017 20:53:40 ASU_MSI_TRAN
    12-02-2017 12:38:48 Removed Java 8 Update 101
    12-02-2017 13:21:01 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Microsoft Wi-Fi Direct Virtual Adapter
    Description: Microsoft Wi-Fi Direct Virtual Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
    Error: (02/12/2017 01:30:03 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.
     
    The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
     
    Error: (02/12/2017 01:26:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The aswStm service failed to start due to the following error: 
    The system cannot find the file specified.
     
    Error: (02/12/2017 01:18:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 
    %%1053 = The service did not respond to the start or control request in a timely fashion.
     
    Error: (02/12/2017 01:18:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error: 
    %%1053 = The service did not respond to the start or control request in a timely fashion.
     
    Error: (02/12/2017 01:18:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (60000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.
     
    Error: (02/12/2017 01:18:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error: 
    %%1053 = The service did not respond to the start or control request in a timely fashion.
     
    Error: (02/12/2017 01:18:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (60000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.
     
    Error: (02/12/2017 01:15:42 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TATIANA        :0" could not be registered on the interface with IP address 192.168.1.156.
    The computer with the IP address 192.168.1.100 did not allow the name to be claimed by
    this computer.
     
    Error: (02/12/2017 01:15:42 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TATIANA        :0" could not be registered on the interface with IP address 192.168.1.156.
    The computer with the IP address 192.168.1.100 did not allow the name to be claimed by
    this computer.
     
    Error: (02/12/2017 01:15:42 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "TATIANA        :20" could not be registered on the interface with IP address 192.168.1.156.
    The computer with the IP address 192.168.1.100 did not allow the name to be claimed by
    this computer.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-02-12 13:02:04.351
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:04.273
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:04.179
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:03.992
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:03.820
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:56.027
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:55.902
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:55.808
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:53.888
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:53.701
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 37%
    Total physical RAM: 3981.68 MB
    Available physical RAM: 2487.96 MB
    Total Virtual: 8333.68 MB
    Available Virtual: 6957.25 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:94 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:258 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================
     
    Thanks
     
     

    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Error: (02/12/2017 01:30:03 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

     

     

    See if you can get it to run a disk check:

     

    http://www.thewindow...cking-windows-8

     

    Then open an elevated command prompt:

    If you open an elevated command prompt it will by default open in c:\Windows\system32

    Once you have an elevated command prompt:

    Type (with an Enter after the line):
     
     DISM  /Online  /Cleanup-Image  /RestoreHealth
     
     (I use two spaces so you can be sure to see where one space goes.)
    This will take a while to complete.  Once the prompt returns:
     
    Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
     
    sfc  /scannow
     
     
     
    This will also take a few minutes.  
     
    When it finishes it will say one of the following:
     
    Windows did not find any integrity violations (a good thing)
    Windows Resource Protection found corrupt files and repaired them (a good thing)
    Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
     
    If you get the last result then type:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
     
    Hit Enter.  Then type:

    notepad  \junk.txt

    Hit Enter.

    Copy the text from notepad and paste it into a reply.
     
     
    After you finish SFC, regardless of the result:
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

    • 0
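The `findstr` step in the post above only filters CBS.log down to its `[SR]` lines. As an added example (not part of the thread and not the poster's code), this Python script applies the same filter and then groups the entries into files SFC repaired and files it could not repair. The sample log lines, file names and component names are constructed, and only the two message types shown are classified.

```python
import re
from collections import OrderedDict

# Constructed sample in CBS.log layout; file and component names are made up.
SAMPLE_CBS_LOG = r'''
2017-02-12 19:40:01, Info                  CBS    Starting TrustedInstaller initialization.
2017-02-12 19:41:10, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2017-02-12 19:41:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-02-12 19:41:15, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"sample.dll" from store
2017-02-12 19:41:20, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2017-02-12 19:41:21, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2017-02-12 19:41:30, Info                  CSI    0000000e [SR] Verify complete
'''

# Timestamp, anything up to the [SR] tag, then the SFC message itself.
SR_LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), .*?\[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]*)"')

def sr_entries(text):
    """Same filter as findstr /c:"[SR]": yield (timestamp, message) pairs."""
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def summarize(text):
    """Group SFC results; each file is listed once, in first-seen order."""
    repaired, unrepaired = OrderedDict(), OrderedDict()
    for ts, msg in sr_entries(text):
        names = QUOTED.findall(msg)
        if msg.startswith('Repairing') and names:
            # Directory and file name are quoted separately; join them and
            # drop the NT object-manager prefix \??\ for readability.
            path = '\\'.join(names).replace('\\??\\', '')
            repaired.setdefault(path, ts)
        elif msg.startswith('Cannot repair') and names:
            # SFC logs the same failure more than once; keep the first.
            unrepaired.setdefault(names[0], ts)
    return {'repaired': list(repaired), 'unrepaired': list(unrepaired)}

if __name__ == '__main__':
    print(summarize(SAMPLE_CBS_LOG))
```

A non-empty `unrepaired` list corresponds to the third SFC result in the post, the case where the helper asks for the log.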

    #7
    Cardoctork

    Cardoctork

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts
    VEW did not run; it said it was not for that version of Windows.
     
    [420] Caller did not request sparse mount
    [420] Mounting new image.
    Wim:         [\\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim]
    Image Index: [1]
    Mount Path:  [C:\WINDOWS\TEMP\488d3b9b-ef7b-4bd2-ae10-f94bb769e73e]
    [420] Wimserv process started for guid 19b10573-db88-4a08-a568-8e8e9d69e216.  Id is 1328
    [1328] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [1328] Mounted image at C:\WINDOWS\TEMP\488d3b9b-ef7b-4bd2-ae10-f94bb769e73e.
    [420] [0x8007007b] FIOReadFileIntoBuffer:(1415): The filename, directory name, or volume label syntax is incorrect.
    [420] [0xc142011c] UnmarshallImageHandleFromDirectory:(511)
    [420] [0xc142011c] WIMGetMountedImageHandle:(2568)
    [420] [0x8007007b] FIOReadFileIntoBuffer:(1415): The filename, directory name, or volume label syntax is incorrect.
    [420] [0xc142011c] UnmarshallImageHandleFromDirectory:(511)
    [420] [0xc142011c] WIMGetMountedImageHandle:(2568)
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [420] ImageUnmarshallHandle: Reconstituting wim at \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE\Winre.wim.
    [1328] Received unmount request for image with guid 19b10573-db88-4a08-a568-8e8e9d69e216.
    [1328] Unmount for image at C:\WINDOWS\TEMP\488d3b9b-ef7b-4bd2-ae10-f94bb769e73e complete.
    2014-10-22 16:27:12, Info                  DISM   PID=420 TID=1428 Temporarily setting the scratch directory. This may be overridden by user later. - 

    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Did you run the disk check on the C:\  ? That looks like the wrong drive.

     

     

    Did dism complete OK?

     

    Did SFC complete without complaint?

     

    VEW works on 10 so it should work on 8.  Did you right click on it and Run As Admin?  

     

    We can use minitoolbox if VEW won't work.  

     

    Please download MiniToolBox, save it to your desktop and run it.
     
    Checkmark just the following checkbox:
     
    • List last 10 Event Viewer Errors
     
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    • 0

    #9
    Cardoctork

    Cardoctork

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    yes c drive

     

    not sure about completed scans

     

    MiniToolBox by Farbar  Version: 17-06-2016
    Ran by Tanya (administrator) on 12-02-2017 at 20:52:22
    Running from "C:\Users\Tanya\Desktop"
    Microsoft Windows 8.1  (X64)
    Model: K55A Manufacturer: ASUSTeK COMPUTER INC.
    Boot Mode: Network
    ***************************************************************************
     
    ========================= Event log errors: ===============================
     
    Application errors:
    ==================
     
    System errors:
    =============
    Error: (02/12/2017 08:51:35 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
     
    Error: (02/12/2017 08:51:31 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068 = The dependency service or group failed to start.
     
     
    Error: (02/12/2017 08:51:31 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068 = The dependency service or group failed to start.
     
     
    Error: (02/12/2017 08:51:31 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068 = The dependency service or group failed to start.
     
     
    Error: (02/12/2017 08:51:28 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
     
    Error: (02/12/2017 08:51:12 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (02/12/2017 08:51:12 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (02/12/2017 08:51:11 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
     
    Error: (02/12/2017 08:51:11 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
     
    Error: (02/12/2017 08:51:05 PM) (Source: DCOM) (User: Tatiana)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2017-02-12 13:02:04.351
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:04.273
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:04.179
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:03.992
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:02:03.820
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:56.027
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:55.902
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:55.808
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:53.888
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-12 13:00:53.701
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    **** End of log ****

    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    It's not complaining about the file system being corrupt now so I guess the disk check worked.  

     

    Did you run dism or sfc?

     

    Usually when they finish they will tell you if they worked or not.

     

    Are you still unable to get online from a regular boot?


    • 0

    #11
    Cardoctork

    Cardoctork

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Yes I ran both and yes it now works online from a regular boot :)


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Since you have Avast, let's have it do a boot-time scan.  This takes a long time so I usually let it run at night.

     

     
    Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
    Set Areas to Scan: to All Harddisks
    Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
     
    When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
     
     
    Copy and paste the text from the log to a Reply when done.

    • 0

    #13
    Cardoctork

    Cardoctork

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Sorry for the late reply. I did not find a boot-time scan in Avast? I did do both an Avast scan and a Malwarebytes scan; they came back clean and the PC has been working correctly now.


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    OK.

     

    What happened with Avast was they came out with a new version.  For future reference (until they change it again) the procedure is now:

     

    Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
     
    Reboot and let it run a scan.  It may take hours.
    Once it finishes it should load Windows.   Mute your speakers so it doesn't wake you up when Windows boots.
     
    When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
     
     
    Copy and paste the text from the log to a Reply when done.
     
    Can I see a new FRST scan with addition.txt checked?

    • 0





