Wife's computer is infected. It has Avast and Malwarebytes on it. I cannot get online with the Avast safe browser; the error message is "DNS not found". I am able to operate in safe mode. One scan says C:windows\syswow64\dnsapi.dll.
These are the results of the FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-02-2017 01
Ran by Tanya (administrator) on TATIANA (11-02-2017 18:30:30)
Running from C:\Users\Tanya\Desktop
Loaded Profiles: Tanya (Available Profiles: Tanya)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [CTFMon] => C:\Windows\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ap] => C:\Program Files (x86)\Application Assistance\ap.exe
HKLM-x32\...\Run: [baidusdTray] => "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe" -stmd=3
HKLM-x32\...\Run: [InstallUpdate] => 0
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Run: [MaxTorrent] => "C:\Users\Tanya\AppData\Roaming\MaxTorrent\mtupdate.exe"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\MountPoints2: {57d18287-74a1-11e4-beae-08606e0242ec} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\MountPoints2: {e10cdffc-1db8-11e6-bf2f-08606e0242ec} - "G:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Tanya\AppData\Roaming\Microsoft\Protect\d65556-b65556-34ce3848-8c3ee0-0bf0.rs" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Tanya\AppData\Roaming\Microsoft\Protect\d65556-b65556-34ce3848-8c3ee0-0bf0.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => -> No File
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => -> No File
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => -> No File
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => -> No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{7B67062E-E4B7-48B8-88A2-763CD6AB783D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{939DFE1E-2A49-48AC-9F2C-DE71CFE7086A}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{939DFE1E-2A49-48AC-9F2C-DE71CFE7086A}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637781413-3999183602-1061426373-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_94c55f10_1201_1401_20160417_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-10] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 [2017-02-11]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 ->
FF Homepage: Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678 -> www.google.com
FF Extension: (Firefox Hotfix) - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\Extensions\[email protected] [2016-08-30]
FF Extension: (Adblock Plus) - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\dvcckot1.default-1445195486678\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [ms[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-10] ()
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\explugin\npBaiduSDDetectPlug.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-637781413-3999183602-1061426373-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tanya\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-10-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-10-17] <==== ATTENTION
Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G8Uzcsdbl0BU,dabac0da-e0b5-4fb6-b123-fb851c5e1949,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default [2016-08-30]
CHR Extension: (Google Slides) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-18]
CHR Extension: (Google Docs) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]
CHR Extension: (Google Drive) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Adblock Plus) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Tanya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bollcafdnolnlnooclcfehjgcbbpabao] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-637781413-3999183602-1061426373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gjndibjblceakamilagmcappediilefl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [100528 2017-02-01] ()
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-08] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
S2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
S2 BDKVRTP; "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe" -r [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
S0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
S0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
S0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S1 bd0003; C:\WINDOWS\System32\DRIVERS\bd0003.sys [67400 2015-01-05] (Baidu)
S2 BDArKit; C:\WINDOWS\System32\DRIVERS\BDArKit.sys [144712 2014-11-21] (Baidu Technology)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-09-24] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-09-24] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-11 18:30 - 2017-02-11 18:31 - 00021119 _____ C:\Users\Tanya\Desktop\FRST.txt
2017-02-11 18:30 - 2017-02-11 18:30 - 00000000 ____D C:\FRST
2017-02-11 18:28 - 2017-02-11 18:28 - 02421248 _____ (Farbar) C:\Users\Tanya\Desktop\FRST64.exe
2017-02-10 14:14 - 2017-02-10 14:19 - 07517654 _____ C:\Users\Tanya\Downloads\Grammaire_progressive_du_fran_231_ais_avanc_233.pdf
2017-02-10 14:13 - 2017-02-10 14:14 - 01092341 _____ C:\Users\Tanya\Downloads\Corrig_233_s_Grammaire_progressive_du_francais_avanc_233.pdf
2017-02-09 23:04 - 2017-02-09 23:04 - 00000000 ____D C:\Users\Tanya\Desktop\New folder
2017-02-08 17:17 - 2017-02-08 17:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 17:17 - 2017-02-08 17:14 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 17:17 - 2017-02-08 17:14 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 17:17 - 2017-02-08 17:14 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 17:17 - 2017-02-08 17:14 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 17:16 - 2017-02-08 17:16 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-23 22:34 - 2017-01-23 22:34 - 00059904 _____ C:\Users\Tanya\Desktop\New Microsoft Office Publisher Document.pub
2017-01-21 00:35 - 2017-01-21 00:35 - 04047762 _____ C:\Users\Tanya\BEST FOOD for Runners.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-11 16:45 - 2014-09-24 02:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-11 16:39 - 2016-03-22 18:06 - 00896794 _____ C:\WINDOWS\ntbtlog.txt
2017-02-11 16:39 - 2015-08-25 19:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 16:20 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 16:13 - 2013-11-09 18:58 - 00000000 ____D C:\Users\Tanya\AppData\Roaming\Skype
2017-02-11 15:39 - 2013-04-14 06:27 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-637781413-3999183602-1061426373-1001
2017-02-11 15:37 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-11 15:36 - 2015-10-18 14:39 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-11 15:34 - 2015-10-18 14:39 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-11 15:34 - 2013-04-14 06:22 - 00000515 _____ C:\Users\Tanya\AppData\Roaming\sp_data.sys
2017-02-11 13:33 - 2016-12-23 09:54 - 00001278 _____ C:\Users\Tanya\Desktop\Rosetta Stone DEMO 2.1.3.0S.lnk
2017-02-11 13:33 - 2016-10-14 22:53 - 00001255 _____ C:\Users\Public\Desktop\Ultimate French.lnk
2017-02-11 13:33 - 2016-10-02 15:13 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-11 13:33 - 2016-10-02 15:12 - 00001183 _____ C:\Users\Tanya\Desktop\Avast SafeZone Browser.lnk
2017-02-11 13:33 - 2016-10-02 15:12 - 00001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-11 13:33 - 2015-11-04 20:24 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-11 13:33 - 2015-05-15 17:00 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-02-11 13:33 - 2014-10-22 15:27 - 00000445 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-02-11 13:33 - 2014-10-22 15:27 - 00000443 _____ C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-02-11 13:33 - 2014-04-24 10:50 - 00002015 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-02-11 13:33 - 2012-11-06 14:31 - 00002607 _____ C:\Users\Public\Desktop\ASUS Instant Connect Installer.lnk
2017-02-11 13:33 - 2012-11-06 14:30 - 00001944 _____ C:\Users\Public\Desktop\ASUS Product Demo Movie.Lnk
2017-02-11 13:33 - 2012-11-06 14:29 - 00000710 _____ C:\Users\Public\Desktop\eManual.Lnk
2017-02-11 13:33 - 2012-11-06 14:28 - 00002595 _____ C:\Users\Public\Desktop\ASUS InstantOn.lnk
2017-02-11 13:33 - 2012-11-06 14:14 - 00001628 _____ C:\Users\Public\Desktop\ASUS Install.lnk
2017-02-11 13:23 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\System
2017-02-11 13:21 - 2016-04-17 15:53 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-11 11:59 - 2013-10-21 15:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-11 11:57 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-11 00:04 - 2016-08-05 10:51 - 00000000 ____D C:\Users\Tanya\Таня
2017-02-10 23:56 - 2013-07-18 12:42 - 00000000 ____D C:\Users\Tanya\PHOTOS
2017-02-10 23:54 - 2014-10-22 15:27 - 00000000 ____D C:\Users\Tanya
2017-02-10 23:53 - 2013-09-08 00:18 - 00000000 ____D C:\Users\Tanya\Mr. Kauffman
2017-02-10 23:49 - 2016-02-07 11:36 - 00000000 ____D C:\Users\Tanya\Narnia
2017-02-10 23:46 - 2014-02-19 11:53 - 00000000 ____D C:\Users\Tanya\Mom's Stuff
2017-02-10 22:37 - 2014-12-15 02:40 - 00000000 ____D C:\Users\Tanya\Desktop\ART
2017-02-10 22:31 - 2016-08-23 13:41 - 00000000 ____D C:\Users\Tanya\Desktop\IPFE FALL 2016
2017-02-10 21:32 - 2016-04-17 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-10 21:31 - 2014-06-03 21:57 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-10 21:31 - 2014-06-03 21:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-10 21:26 - 2013-10-21 15:07 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-10 21:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-10 21:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-10 19:39 - 2013-04-14 06:45 - 00000000 ____D C:\Users\Tanya\AppData\Local\ElevatedDiagnostics
2017-02-10 19:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-10 18:52 - 2016-10-02 15:09 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-10 18:51 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Skype
2017-02-10 18:45 - 2016-10-02 15:12 - 00003890 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1475439140
2017-02-10 15:40 - 2015-09-23 18:48 - 00000000 ____D C:\Users\Tanya\CATS
2017-02-10 15:07 - 2015-02-23 20:45 - 00000000 ____D C:\Users\Tanya\Desktop\МОЛОДОСТЬ
2017-02-10 14:58 - 2014-07-19 20:28 - 00000000 ____D C:\Users\Tanya\Desktop\Le Francaise
2017-02-08 21:41 - 2015-02-27 19:26 - 00000000 ____D C:\Users\Tanya\Desktop\Здоровие
2017-02-08 21:31 - 2015-04-07 15:04 - 00000000 ____D C:\Users\Tanya\Desktop\WRITING
2017-02-08 17:16 - 2016-10-02 15:09 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 17:16 - 2016-10-02 15:09 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 17:15 - 2016-10-02 15:09 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-08 17:15 - 2016-10-02 15:09 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 14:40 - 2014-03-03 06:21 - 00000000 ____D C:\Users\Tanya\Poetry
2017-02-07 20:49 - 2017-01-11 19:44 - 00000000 ____D C:\Users\Tanya\Desktop\SPRING 2017
2017-02-05 00:43 - 2014-05-02 16:24 - 00000000 ____D C:\Users\Tanya\Desktop\THINKING
2017-02-02 23:40 - 2014-11-06 23:10 - 00000000 ____D C:\Users\Tanya\Desktop\Les Livres
2017-02-02 23:35 - 2013-09-25 15:48 - 00000000 ____D C:\Users\Tanya\AppData\Local\Adobe
2017-02-02 18:29 - 2013-11-09 18:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 09:36 - 2016-03-19 20:00 - 00000000 ____D C:\Users\Tanya\IPFW Spring 2016
2017-01-30 20:33 - 2014-03-01 07:17 - 00000000 ____D C:\Users\Tanya\Письма
2017-01-21 19:56 - 2014-09-17 09:37 - 00000000 ____D C:\Users\Tanya\Poetry-1
2017-01-21 10:14 - 2015-08-25 22:41 - 00000000 ____D C:\Users\Tanya\Desktop\RFI
2017-01-17 08:38 - 2015-01-22 01:47 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-16 08:46 - 2014-09-22 09:51 - 00000000 ____D C:\Users\Tanya\Desktop\La Bible
2017-01-16 07:42 - 2015-12-27 13:56 - 00000000 ____D C:\Users\Tanya\Desktop\MY PHOTOS
2017-01-16 07:39 - 2015-01-09 00:39 - 00000000 ____D C:\Users\Tanya\PHOTOS for pringing
2017-01-15 21:45 - 2015-11-21 16:19 - 00000000 ____D C:\Users\Tanya\Finances
==================== Files in the root of some directories =======
2016-08-30 06:58 - 2016-08-30 12:34 - 0138240 _____ () C:\Users\Tanya\AppData\Roaming\Installer.dat
2013-09-04 18:30 - 2013-09-04 18:30 - 0000021 _____ () C:\Users\Tanya\AppData\Roaming\my_intel.sys
2016-08-30 07:09 - 2016-08-30 07:05 - 0699904 _____ () C:\Users\Tanya\AppData\Roaming\Roundair.exe
2013-04-14 06:22 - 2017-02-11 15:34 - 0000515 _____ () C:\Users\Tanya\AppData\Roaming\sp_data.sys
2014-03-14 18:58 - 2014-10-11 19:08 - 0000110 _____ () C:\Users\Tanya\AppData\Roaming\WB.CFG
2015-04-04 23:48 - 2015-04-04 23:50 - 0000172 ____H () C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat
2015-04-04 23:48 - 2015-04-04 23:50 - 0000172 ____H () C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat
2015-04-04 23:48 - 2015-02-27 13:13 - 0200992 ____H (Yandex) C:\Users\Tanya\AppData\Roaming\YаndехDiskStаrtеr.bаt.exe
2015-04-04 23:48 - 2015-02-27 13:13 - 3978016 ____H (Yandex) C:\Users\Tanya\AppData\Roaming\YаndехDiskSсrееnshоtЕditоr.bаt.exe
2013-09-04 18:59 - 2015-01-26 12:54 - 0012288 _____ () C:\Users\Tanya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 12:41 - 2014-10-11 12:41 - 0627560 _____ (CMI Limited) C:\Users\Tanya\AppData\Local\nss59B4.tmp
2014-10-11 12:00 - 2014-10-11 12:00 - 0612126 _____ (CMI Limited) C:\Users\Tanya\AppData\Local\nsu6CA4.tmp
2014-06-23 14:47 - 2014-06-23 14:47 - 0000864 _____ () C:\Users\Tanya\AppData\Local\recently-used.xbel
2015-04-11 11:24 - 2015-04-21 18:42 - 0011746 _____ () C:\Users\Tanya\AppData\Local\Temp-log.txt
2016-08-30 06:49 - 2016-08-30 06:49 - 0000001 _____ () C:\ProgramData\1111_ver.txt
2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
Some files in TEMP:
====================
2015-04-05 00:27 - 2015-04-05 00:27 - 39537752 _____ (百度在线网络技术(北京)有限公司) C:\Users\Tanya\AppData\Local\Temp\BaiduAn.Setup.1117.4.0.0.516_1000161529.exe
2015-04-05 00:13 - 2015-04-05 00:26 - 18064272 _____ (百度在线网络技术(北京)有限公司) C:\Users\Tanya\AppData\Local\Temp\Baidusd.Setup.3.0.0.4609.youqian_1000161529.exe
2016-09-03 12:49 - 2016-09-03 12:50 - 1580445 _____ ( ) C:\Users\Tanya\AppData\Local\Temp\bbf3b93e-5267-4f10-9a8d-6359eb7c50ff.exe
2015-04-05 18:04 - 2014-12-03 21:08 - 0395784 _____ () C:\Users\Tanya\AppData\Local\Temp\BDABrowserProtectUnInstall.exe
2015-10-13 13:12 - 2015-10-13 14:01 - 0821280 ____N () C:\Users\Tanya\AppData\Local\Temp\beeeheieij.exe
2016-09-03 13:15 - 2016-09-03 13:15 - 0074057 _____ () C:\Users\Tanya\AppData\Local\Temp\ext_2.exe
2016-09-03 12:51 - 2016-09-03 13:12 - 9567688 _____ () C:\Users\Tanya\AppData\Local\Temp\ext_4.exe
2016-08-30 20:44 - 2016-08-30 20:45 - 0741440 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-03-09 11:25 - 2015-03-09 11:25 - 0561576 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u40-windows-au.exe
2015-04-13 11:12 - 2015-04-13 11:12 - 0562088 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u45-windows-au.exe
2016-03-21 10:12 - 2016-03-21 10:12 - 0736320 _____ (Oracle Corporation) C:\Users\Tanya\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-08-30 12:35 - 2016-08-30 12:35 - 9355264 _____ () C:\Users\Tanya\AppData\Local\Temp\MPCSetup_4.3.1.exe
2016-08-30 07:08 - 2016-08-30 07:08 - 0348235 _____ (Wizzlabs ) C:\Users\Tanya\AppData\Local\Temp\NERPQ6UZKL.exe
2015-07-23 14:51 - 2015-07-23 14:51 - 0023040 _____ () C:\Users\Tanya\AppData\Local\Temp\pylF703.tmp.exe
2012-09-10 16:23 - 2012-09-10 16:23 - 0559528 _____ (Helge Klein) C:\Users\Tanya\AppData\Local\Temp\setacl.exe
2016-08-30 06:45 - 2016-08-30 06:45 - 0548341 _____ () C:\Users\Tanya\AppData\Local\Temp\setup.exe
2014-12-11 19:12 - 2016-05-15 20:57 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Tanya\AppData\Local\Temp\SkypeSetup.exe
2016-08-30 12:35 - 2016-08-30 12:36 - 0308538 _____ (sunnyday ) C:\Users\Tanya\AppData\Local\Temp\THZT584M0E.exe
2015-02-15 09:06 - 2015-02-22 23:41 - 0104178 _____ () C:\Users\Tanya\AppData\Local\Temp\Uninstall.exe
2016-08-30 06:57 - 2016-08-30 06:58 - 0450032 _____ (Wizzlabs ) C:\Users\Tanya\AppData\Local\Temp\VNLN9XGDCY.exe
2016-08-30 12:50 - 2016-08-30 12:50 - 0308538 _____ (sunnyday ) C:\Users\Tanya\AppData\Local\Temp\YBCF9EXFSD.exe
2016-03-21 06:17 - 2016-03-21 06:17 - 0000000 _____ () C:\Users\Tanya\AppData\Local\Temp\{72FA825C-6A5C-4229-8CB7-4CA832BEE7A5}-49.0.2623.87_chrome_installer.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2014-09-24 02:50] - [2014-09-24 02:50] - 0655360 ____A (Microsoft Corporation) 8C37C2E9C46C81F0B098CAF993CC6ADE
C:\WINDOWS\SysWOW64\dnsapi.dll
[2014-09-24 02:50] - [2014-09-24 02:50] - 0494592 ____A (Microsoft Corporation) 828C3E784D87815A8B32F4D71E65963A
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-22 15:18
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2017 01
Ran by Tanya (11-02-2017 18:34:45)
Running from C:\Users\Tanya\Desktop
Windows 8.1 (Update) (X64) (2014-10-22 20:33:22)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-637781413-3999183602-1061426373-500 - Administrator - Disabled)
Guest (S-1-5-21-637781413-3999183602-1061426373-501 - Limited - Disabled)
Tanya (S-1-5-21-637781413-3999183602-1061426373-1001 - Administrator - Enabled) => C:\Users\Tanya
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{CFCB3B71-2A0F-4E91-8B8E-A9DF809DEF6A}) (Version: 10.17.0201 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\Amazon Kindle) (Version: - Amazon)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Rosetta Stone DEMO 2.1.3.0S (HKLM-x32\...\Rosetta Stone DEMO 2.1.3.0S) (Version: 2.1.3.0 - Fairfield Language Technologies)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13467 - Aztec Media Inc) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Ultimate French 2.0 (HKLM-x32\...\Ultimate French) (Version: 2.0 - McGraw-Hill)
Unity Web Player (HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {487634CA-B431-4E58-8D8E-BC961596502C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {7CDA632D-4BCA-42CC-BBD5-D3AD39985E4C} - System32\Tasks\SafeZone scheduled Autoupdate 1475439140 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {95FFE0D9-15EE-428D-BFC5-8204D2462436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {9F4EA482-625C-4A9D-9BD5-1B6587D76C67} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {A6EB1803-B8DE-493F-B1D9-F1E676272233} - \{7E040F47-7909-0504-0A11-04790909110F} -> No File <==== ATTENTION
Task: {AA9EE4DC-C49F-4A00-88C5-3E6C3E48B7A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-31] (Microsoft Corporation)
Task: {ABE250B9-F3EA-44A4-885E-F8A099203251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {ADCAD85C-12E8-48FC-BFC0-DC6545696E99} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {AFDE44D0-6D8B-45DA-AA4A-FFBC9E1BFA18} - \PastaQuotes -> No File <==== ATTENTION
Task: {BD245B97-645C-404D-80D4-4E8BB35D98C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-10] (Adobe Systems Incorporated)
Task: {EBCDF38D-5FB1-41F4-A236-EE20CED88764} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {F82BE19B-CE32-4F51-AD19-4889DFE8727B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F9C587FD-FF94-44FB-9477-B3EFF928022C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {FB8B4518-AE8F-42EC-8FD6-D92C992F0D19} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {FF2001C0-E9B3-426E-BFF9-8DF8BE436CE5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlorеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chrome.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launсh Intеrnеt Ехplorеr Вrowsеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Exрlоrer Вrowsеr.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhrome.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhrоmе.lnk -> C:\Users\Tanya\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Sсrееnshоts in Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskScreenshotEditor.bat () -> --"hxxp://photobytes.org/index.php?USA1"
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk\Yаndех.Disk.lnk -> C:\Users\Tanya\AppData\Roaming\YandexDiskStarter.bat () -> --"hxxp://photobytes.org/index.php?USA1"
ShortcutWithArgument: C:\Users\Tanya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
==================== Loaded Modules (Whitelisted) ==============
2017-02-10 18:45 - 2017-02-03 05:32 - 68860960 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.527\SZBrowser.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\safefinder.com -> hxxp://search.safefinder.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2017-02-11 13:21 - 00001212 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tanya\Documents\paris-wallpaper-hd-21.jpg
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "AnonymizerGadget"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\StartupFolder: => "FreeDownloadmanager.exe"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\Run: => "Caster"
HKU\S-1-5-21-637781413-3999183602-1061426373-1001\...\StartupApproved\Run: => "IJDS4PPVLI"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C98731A5-C8FA-4E8E-8008-AF33A706C83B}] => C:\Program Files (x86)\Windows Network Accelerater\v1\winvxm.exe
FirewallRules: [{B6A37033-8D03-472C-B10E-1B515B8F6CC6}] => C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe
FirewallRules: [{55C68AE0-5D43-494B-840D-95498499B6C7}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{329403EB-9F4C-452A-BE72-E2782A08988C}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{61832BE2-D1E3-4E5C-B193-279E6EF25F47}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0343F5D7-0AC7-4D5C-B08E-25D471CB24A6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D578F2B-EF11-470F-82B5-8E5F7C0D3DD1}] => C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{34CAADBC-2A77-4C0D-BBF7-AA99AC6417DD}] => C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{17ED0570-3D0E-485E-B71E-8E9BA514EB18}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{9C5D44BC-8CF2-4DD3-8B36-C0F6759DD4BC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{E270B61A-E26E-4B21-ACEA-5FC8D5EBAC1D}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8F914B7B-DD7C-4C35-B75A-1EAAA41E6EB2}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9D45DB0A-A941-44A9-A46C-7FA81D947E73}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D4848034-588D-4CFF-824A-EA5971C1CCE0}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{675C6D46-CF9F-446B-907E-A00794535B3E}] => LPort=1900
FirewallRules: [{883B1674-5AED-487A-945E-D2957EC073FC}] => LPort=2869
FirewallRules: [{9A1C08F8-6157-4C63-A017-B8E69EE84C1F}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{205F85D7-A84C-43DA-8592-92FC9F60D413}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{970CAC63-6963-487D-8DAF-AB3A199C917C}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7D6095B9-3730-4456-BC06-FFE9E81D3579}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14A29D62-1C22-45B3-ACBF-1960DB7AE503}] => C:\Program Files (x86)\Windows Optimizer\P5\winfix.exe
FirewallRules: [{9950C556-9B41-46B9-BDF3-549DAD7835CF}] => C:\Program Files (x86)\Windows Optimizer\P5\optimizer.exe
FirewallRules: [{AF5F0554-28FA-47AF-87B9-80220F9112F3}] => C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
FirewallRules: [{C8046388-79C4-46DD-A475-23A5B5CB2669}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{E223FD1D-CC7E-4BC5-95BF-EB47DFBDFE2B}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{FE773CE4-B1F4-4FDC-9723-15A185E113A3}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{837B0D13-BF6C-4C5A-8217-762009AB7391}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{C5A056D9-BD90-43C9-AF13-A068325DBF06}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{C1E54075-E02B-4889-8DC6-0D964EFD3AD0}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdSvc.exe
FirewallRules: [{C7A420E2-5ADB-4D47-A3DC-CA3D06296514}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{A1910632-AE55-4D00-BBFC-2EEA35471F81}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{A0B1FC51-23F6-4C14-8151-210024F87321}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{6837B1B8-D0D6-433A-BCF1-3146B5776903}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{9ACE7891-781C-4B87-9F20-CDD0C1A34200}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{7B20ABCB-0C39-4D4E-B264-DCE5D78A9215}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSd.exe
FirewallRules: [{D62EA439-CB0B-44DF-86F6-D5DA14514EED}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{3F21500A-DA47-4B34-9254-44DCC0A810F2}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{EBC53FE1-31A7-4966-B12D-E76B898EF8BE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{481912B3-3AA6-480E-9E19-BECA7DFF8D42}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{A2BB2487-E9D1-4919-90CE-03AE6699B742}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{63A15B98-4531-403D-9DBD-A1B81791861F}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdTray.exe
FirewallRules: [{C04B73E2-4C5E-43DD-A535-5DB4B127A356}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{C7FE084D-77B0-4C94-9812-AEB997B14CDA}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{DD5A498E-A375-458D-989E-B624B93295AD}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{025EBDB4-AEE1-496E-BD14-E56CDBC91A50}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{C3B90C54-EF38-44A3-A063-23A0767C3EE6}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{887F448E-9615-43BC-88CE-F6D737BC8D36}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdUpdate.exe
FirewallRules: [{C239B72D-20C9-40C3-966B-90F16554C85A}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{AE88A97A-C803-4B0C-A5E7-93731D0F7E60}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{D35A892B-BBE6-4122-BB83-7EC25868FADD}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{88B0DAF8-1E2E-4EA9-BFAA-C6FE71C351AC}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{6E305FFF-4D1E-4681-8A91-BB89F2F13987}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{E56D7F52-E8C2-48BE-BEC8-364D2AEE397E}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BaiduSdBugRpt.exe
FirewallRules: [{84C6F5BE-3805-4188-8256-13A4260579F5}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{088C153D-8842-4CB0-8FE1-D013FB25FC15}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{6419A913-179E-48A4-8E8E-0ABE9429A8DE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{D222D0F3-5772-4261-A84E-1A2AF5F4A9EE}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{948F86B7-5520-4414-9F49-7AF608BB9357}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{BA1DAE3D-496D-412E-AEEC-C96B4AC8C488}] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\BdBro.exe
FirewallRules: [{06D58F03-6C2F-4132-8C8F-519C7EA527EB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{904ED3E2-8802-4A7D-83EC-804EACA8051A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C102890-118B-42AE-A4DB-D2204E78BC60}] => C:\Users\Tanya\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F8F71059-A8D2-4A2D-9122-30E9CB515B26}] => C:\Users\Tanya\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F530BFB2-3322-43DF-94AE-299B44C23295}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
02-10-2016 17:40:49 ASU_MSI_TRAN
03-10-2016 18:39:04 Windows Modules Installer
17-10-2016 18:33:27 ASU_MSI_TRAN
21-10-2016 10:33:36 ASU_MSI_TRAN
22-11-2016 19:33:09 ASU_MSI_TRAN
13-01-2017 20:53:40 ASU_MSI_TRAN
==================== Faulty Device Manager Devices =============
Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2017 11:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0xaf0dc9da
Faulting process id: 0x1754
Faulting application start time: 0x01d27dd71dbdaa1e
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Faulting module path: unknown
Report Id: 5e466078-e9ca-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x1754
Faulting application start time: 0x01d27dd71dbdaa1e
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Report Id: 5e334d7f-e9ca-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0xaf0dc9da
Faulting process id: 0xfbc
Faulting application start time: 0x01d27dd6a220b0f6
Faulting application path: C:\Users\Tanya\AppData\Local\Temp\scoped_dir6024_7549\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: unknown
Report Id: e250fe79-e9c9-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0xfbc
Faulting application start time: 0x01d27dd6a220b0f6
Faulting application path: C:\Users\Tanya\AppData\Local\Temp\scoped_dir6024_7549\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\AppData\Local\Temp\scoped_dir6024_7549\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: e237cf05-e9c9-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: Глянцевые волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x1754
Faulting application start time: 0x01d27dd6730faad7
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\Глянцевые волосы мгновенно - Вступление.exe
Report Id: b337058a-e9c9-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x14fc
Faulting application start time: 0x01d27dd3e9cdbfe4
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: 2947c9be-e9c7-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:13:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0xaf0dc9da
Faulting process id: 0x14ec
Faulting application start time: 0x01d27dd3dcd56fa0
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: unknown
Report Id: 1d617dde-e9c7-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 11:13:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x14ec
Faulting application start time: 0x01d27dd3dcd56fa0
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: 1d4c4488-e9c7-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/02/2017 10:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0x9d0
Faulting application start time: 0x01d27dcf4a13e32e
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: 8dc5181b-e9c2-11e6-bfa7-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
Error: (02/01/2017 04:23:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Faulting module name: 1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe, version: 1.0.0.0, time stamp: 0x54772bc9
Exception code: 0xc0000005
Fault offset: 0x00005c7d
Faulting process id: 0xf20
Faulting application start time: 0x01d27cd16c80c5a4
Faulting application path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Faulting module path: C:\Users\Tanya\Desktop\МОЛОДОСТЬ\ВОЛОСЫ\Глянцевые волосы\1. Глянцевыи#U0306 волосы мгновенно - Вступление.exe
Report Id: af32aee2-e8c4-11e6-bfa6-08606e0242ec
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (02/11/2017 06:37:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (02/11/2017 06:37:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (02/11/2017 06:37:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (02/11/2017 06:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (02/11/2017 06:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (02/11/2017 06:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (02/11/2017 06:34:46 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (02/11/2017 06:34:46 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/11/2017 06:34:46 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (02/11/2017 06:31:25 PM) (Source: DCOM) (EventID: 10005) (User: Tatiana)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
CodeIntegrity:
===================================
Date: 2017-01-29 21:35:04.326
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-29 21:35:04.170
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-29 21:35:03.888
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-24 00:00:41.566
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-24 00:00:41.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-24 00:00:41.251
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-27 11:48:13.146
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-27 11:48:13.033
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-27 11:48:12.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-27 11:48:09.438
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 3981.68 MB
Available physical RAM: 2293.9 MB
Total Virtual: 8333.68 MB
Available Virtual: 6552.55 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:76.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:258 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)
Partition: GPT.
==================== End of Addition.txt ============================
Please note my wife is Russian, so the scans will show both languages.
