Asus computer acting funny


6 replies to this topic

#1 sefnf


Posted 09 December 2016 - 11:47 PM

The following has been happening lately.
I get a blue screen that makes me restart the computer (this started less than a month ago and has only happened 4 or 5 times so far).
The browser freezes and leads to a blue screen (this started less than a month ago and has only happened 4 or 5 times so far).
My browser gets hijacked to a website that starts with "syndication-"; it sounds like the issue talked about here: "http://www.removemal...to-follow-steps" (this has been going on for 6 months or more and doesn't happen all the time).

I still have a subscription with Kaspersky, but I temporarily disabled it for the following reason.

There is a lag when I type in the browser, and a significant one when typing an Outlook email while using the browser platform. I am troubleshooting whether the lag is being caused by one of the Kaspersky security features.

I installed Avast for now.

Below are my logs.

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/9/2016
Scan Time: 2:28 PM
Logfile: malwarebyte fille 2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.09.18
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: dannyid

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433301
Time Elapsed: 43 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{7dc72a53-f65b-454a-af15-4ff66fac216e}, Quarantined, [b79feef78416082e3773c6958e745fa1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{7DC72A53-F65B-454A-AF15-4FF66FAC216E}, Quarantined, [b79feef78416082e3773c6958e745fa1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{7DC72A53-F65B-454A-AF15-4FF66FAC216E}, Quarantined, [b79feef78416082e3773c6958e745fa1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{b61bc53c-7988-4139-aeb7-1eb7823589e3}, Quarantined, [80d66c795743cf6757545704768cad53],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{B61BC53C-7988-4139-AEB7-1EB7823589E3}, Quarantined, [80d66c795743cf6757545704768cad53],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{B61BC53C-7988-4139-AEB7-1EB7823589E3}, Quarantined, [80d66c795743cf6757545704768cad53],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [5df984615c3e3bfb6449ce75d131d12f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [5df984615c3e3bfb6449ce75d131d12f],
PUP.Optional.MalwareProtection, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MalwareProtectionLive, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [1f3738ad5248f73f9d6d5b0ef0138878],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASAPI32, Quarantined, [db7b994c56447bbb5f4e6fd0fe05d030],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASMANCS, Quarantined, [dd7965807228a1955c51de61af54d030],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A8888A9-630F-4BDE-AC59-C0E8D60C2D17}, Delete-on-Reboot, [b89ea144069459ddf71aa9cf06fd19e7],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{393D7047-E0C0-465E-BD4C-5F61E96FFF92}, Delete-on-Reboot, [f066786d0694be78b65bc3b5a65d2fd1],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Popup, Delete-on-Reboot, [1b3be10401994beb6747c17e0af9b050],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Start, Delete-on-Reboot, [3026469fbcde3105d8d673ccc43f40c0],
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\WebDiscoverBrowser, Quarantined, [8cca26bf6c2e003646c00663798a02fe],
PUP.Optional.Spigot, HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{057DE6C0-F2DE-40B4-832A-D8CC986AD6D2}, Quarantined, [dd79e500059555e1cdccd4703fc49e62],

Registry Values: 3
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A8888A9-630F-4BDE-AC59-C0E8D60C2D17}|Path, \ProPCCleaner_Popup, Delete-on-Reboot, [b89ea144069459ddf71aa9cf06fd19e7]
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{393D7047-E0C0-465E-BD4C-5F61E96FFF92}|Path, \ProPCCleaner_Start, Delete-on-Reboot, [f066786d0694be78b65bc3b5a65d2fd1]
PUP.Optional.Spigot, HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{057DE6C0-F2DE-40B4-832A-D8CC986AD6D2}|URL, https://search.yahoo...={searchTerms},Quarantined, [dd79e500059555e1cdccd4703fc49e62]

Registry Data: 0
(No malicious items detected)

Folders: 17
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\quarantine, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\locales, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\iifaaldajbmajdljdjdiedokifnaogpk, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\iifaaldajbmajdljdjdiedokifnaogpk\1.0_0, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage, Quarantined, [025483625a40fa3ced69d7aff50d718f],

Files: 72
PUP.Optional.WinWrapper, C:\Users\dannyid\Downloads\raropener_setup-64668594.exe, Quarantined, [d97d36afaceedc5a04ce26910cf5ae52],
PUP.Optional.Spigot, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\searchplugins\yahoo_ff.xml, Quarantined, [acaa796c207a78beace9d173a36039c7],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe.config, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\certificates, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\certificates_filter, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\domains, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\extensions, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\extensions_filter, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\MPLSettings.dll, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\uninstall.exe, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\userinfo.dat, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome.exe, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome_100_percent.pak, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome_child.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome_elf.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\d3dcompiler_47.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\ffmpegsumo.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\icudtl.dat, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\ISightSDK.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\libEGL.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\libGLESv2.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\pdf.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\resources.pak, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\locales\en-US.pak, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Local State, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom Prefix Set, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies-journal, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Csd Whitelist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download Whitelist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Extension Blacklist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing IP Blacklist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\History, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\ChromeDWriteFontCache, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies-journal, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\History-journal, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Origin Bound Certs, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Preferences, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\README, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Secure Preferences, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Visited Links, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_0, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_1, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_2, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_3, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\index, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\000003.ldb, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\000004.log, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOCK, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOG, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\MANIFEST-000001, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000003.ldb, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000004.log, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOCK, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOG, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\MANIFEST-000001, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\iifaaldajbmajdljdjdiedokifnaogpk\1.0_0\Cached Theme.pak, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000004.log, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.Spigot, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo...=503828&p=");),Replaced,[f26412d33961e155a9ae677a7192ce32]
PUP.Optional.Spigot, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwareb...storebrowser/),Bad: (user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=503828&fr=spigot-), Replaced,[d38301e4297156e076028c5a40c31de3]
PUM.Optional.FireFoxSearchOverride, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\user.js, Quarantined, [b0a6ae371f7b81b50e8600e3e51e47b9],

Physical Sectors: 0
(No malicious items detected)

(end)

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by dannyid (administrator) on AZUZ1DESK (09-12-2016 20:08:40)
Running from C:\Users\dannyid\Desktop
Loaded Profiles: dannyid & QBDataServiceUser26 (Available Profiles: dannyid & DanielAzuz & QBDataServiceUser23 & QBDataServiceUser26)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-11] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-11-29] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-06-24] (cyberlink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-22] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2235 2016-12-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-06] (AVAST Software)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [EPSON Artisan 837] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Artisan 837(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\MountPoints2: {be32d50c-ddfc-11e5-8329-bcee7bd9cce4} - "M:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\MountPoints2: {be32e01a-ddfc-11e5-8329-bcee7bd9cce4} - "L:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-06] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-02-15]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-02-15]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-02-15]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-03-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1236490B-DA5D-41E8-8F13-AC457124A458}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8039723C-B15F-460C-80FE-FD81F69B91D5}&mid=9fef31acedf047cfa0c46da73d3d2517-b06a5e9c0d52d2126f61e3bd9379753a77db6ea9&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2016-12-06 20:26:37&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {CB602716-2E5F-48C2-9385-6A79ACDC1AF5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-06] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-27] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-06] (AVAST Software)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-27] (AO Kaspersky Lab)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-02-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default [2016-12-09]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kyac6rn3.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\kyac6rn3.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kyac6rn3.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\kyac6rn3.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF Extension: (Firefox Hotfix) - C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358354011-981561540-3637120196-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dannyid\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Translate) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-06-17]
CHR Extension: (Google Slides) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-17]
CHR Extension: (Google Docs) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09]
CHR Extension: (Google Drive) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Avast SafePrice) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-07]
CHR Extension: (Translate Selected Text) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2016-07-09]
CHR Extension: (Google Sheets) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-17]
CHR Extension: (Gmail) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-06] (AVAST Software)
S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244696 2013-06-24] (CyberLink)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-11] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-02-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-22] (Intuit Inc.) [File not signed]
R3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe [127792 2015-10-22] (Intuit, Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
S2 0036621405413677mcinstcleanup; C:\Users\dannyid\AppData\Local\Temp\003662~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-06] (AVAST Software)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2016-09-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-09-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-09-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-09-11] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 20:08 - 2016-12-09 20:09 - 00027682 _____ C:\Users\dannyid\Desktop\FRST.txt
2016-12-09 20:08 - 2016-12-09 20:08 - 00000000 ____D C:\FRST
2016-12-09 20:02 - 2016-12-09 20:02 - 00019366 _____ C:\Users\dannyid\Desktop\malwarebyte fille 2.txt
2016-12-09 14:25 - 2016-12-09 14:26 - 02420224 _____ (Farbar) C:\Users\dannyid\Desktop\FRST64.exe
2016-12-09 14:23 - 2016-12-09 14:23 - 01017344 _____ C:\Users\dannyid\Desktop\RGSA.exe
2016-12-09 14:12 - 2016-12-09 14:12 - 00317336 _____ C:\Windows\Minidump\120916-26875-01.dmp
2016-12-06 18:56 - 2016-12-06 18:56 - 00364808 _____ C:\Windows\Minidump\120616-72218-01.dmp
2016-12-06 18:55 - 2016-12-09 14:12 - 711873119 ____N C:\Windows\MEMORY.DMP
2016-12-06 17:25 - 2016-12-09 19:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-06 17:25 - 2016-12-06 17:25 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-06 16:30 - 2016-12-06 16:30 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-06 16:30 - 2016-12-06 16:30 - 00000000 ____D C:\Users\dannyid\AppData\Roaming\AVAST Software
2016-12-06 16:30 - 2016-12-06 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-06 16:29 - 2016-12-06 16:29 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-12-06 16:29 - 2016-12-06 16:29 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-12-06 16:29 - 2016-12-06 16:29 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-12-06 16:29 - 2016-12-06 16:29 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-06 16:29 - 2016-12-06 16:29 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-06 16:29 - 2016-12-06 16:28 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-12-06 16:28 - 2016-12-06 16:28 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-06 16:28 - 2016-12-06 16:28 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-06 16:28 - 2016-12-06 16:28 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-06 16:28 - 2016-12-06 16:28 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-06 16:24 - 2016-12-06 16:24 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-06 16:22 - 2016-12-06 16:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-06 16:19 - 2016-12-06 16:19 - 06253640 _____ (AVAST Software) C:\Users\dannyid\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-12-06 15:42 - 2016-12-07 17:47 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-06 12:19 - 2016-12-07 17:47 - 00000000 ____D C:\ProgramData\Avg
2016-12-06 12:19 - 2016-12-06 15:53 - 00000000 ____D C:\Users\dannyid\AppData\Local\AvgSetupLog
2016-12-06 12:19 - 2016-12-06 12:19 - 00000000 ____D C:\Users\dannyid\AppData\Local\Avg
2016-12-06 11:24 - 2016-12-06 11:24 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\dannyid\Downloads\AVG_Protection_Free_1606.exe
2016-12-04 19:04 - 2016-12-04 19:04 - 00217081 _____ C:\Users\dannyid\Downloads\Inv_126860_from_Royale_Plumbing_7316.pdf
2016-12-04 16:29 - 2016-12-04 21:44 - 00000000 ____D C:\Users\dannyid\Downloads\Add On
2016-12-02 21:25 - 2016-12-02 21:25 - 00001902 _____ C:\Users\Public\Desktop\SoundTouch.lnk
2016-12-02 21:25 - 2016-12-02 21:25 - 00000000 ____D C:\Users\dannyid\AppData\Local\SoundTouch
2016-12-02 21:25 - 2016-12-02 21:25 - 00000000 ____D C:\Users\dannyid\.SoundTouch
2016-12-02 21:25 - 2016-12-02 21:25 - 00000000 ____D C:\Users\dannyid\.QtWebEngineProcess
2016-12-02 21:24 - 2016-12-02 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTouch
2016-12-02 20:13 - 2016-12-02 20:13 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-02 20:13 - 2016-12-02 20:13 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-11-28 12:33 - 2016-11-28 12:33 - 00000000 ____D C:\Users\dannyid\Documents\screenplay
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\Users\dannyid\Trelby
2016-11-28 12:26 - 2016-11-28 12:26 - 00000803 _____ C:\Users\Public\Desktop\Trelby.lnk
2016-11-28 12:26 - 2016-11-28 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trelby
2016-11-28 12:25 - 2016-11-28 12:26 - 00000000 ____D C:\Program Files\Trelby
2016-11-28 12:04 - 2016-11-28 12:09 - 09558451 _____ (Trelby.org) C:\Users\dannyid\Downloads\Setup-Trelby-2.2.exe
2016-11-17 08:52 - 2016-11-17 08:52 - 00033131 _____ C:\Users\dannyid\Downloads\11.14.2016 wdm MF Rate Sheet 11-14-2016.pdf
2016-11-09 13:56 - 2016-11-09 13:56 - 00866096 _____ C:\Users\dannyid\Downloads\IMG.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 20:04 - 2014-08-30 21:19 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-09 20:04 - 2014-08-30 13:43 - 00000000 __RDO C:\Users\dannyid\OneDrive
2016-12-09 20:03 - 2014-07-15 09:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-09 20:03 - 2014-03-22 01:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-09 20:03 - 2013-11-29 01:06 - 00000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2016-12-09 20:03 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 20:02 - 2014-06-14 02:18 - 00000000 ____D C:\Users\dannyid
2016-12-09 19:25 - 2014-08-30 21:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 15:51 - 2014-06-13 23:25 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358354011-981561540-3637120196-1002
2016-12-09 14:53 - 2014-06-14 01:09 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-12-09 14:45 - 2014-08-25 14:49 - 00000000 ____D C:\Users\dannyid\AppData\Local\Battle.net
2016-12-09 14:27 - 2015-06-03 08:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 14:23 - 2015-06-03 08:40 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-09 14:23 - 2015-06-03 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-09 14:23 - 2015-06-03 08:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-09 14:19 - 2016-09-08 10:09 - 00417088 _____ C:\Windows\system32\perfh00D.dat
2016-12-09 14:19 - 2016-09-08 10:09 - 00065090 _____ C:\Windows\system32\perfc00D.dat
2016-12-09 14:19 - 2013-11-29 00:58 - 01336072 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 14:19 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-12-09 14:15 - 2014-08-25 14:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-09 14:12 - 2015-12-25 10:18 - 00000000 ____D C:\Windows\Minidump
2016-12-09 14:02 - 2016-02-15 22:06 - 00000000 ____D C:\Users\QBDataServiceUser26
2016-12-09 00:28 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-12-07 12:44 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-06 17:25 - 2016-09-24 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-06 17:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-06 17:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-06 16:29 - 2015-09-05 17:46 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-06 14:11 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-06 12:07 - 2014-07-15 09:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-06 12:01 - 2013-08-22 06:44 - 00584432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-05 17:05 - 2015-01-05 12:54 - 00000000 ____D C:\ProgramData\pdf995
2016-12-05 17:01 - 2015-01-05 12:54 - 00000060 _____ C:\Windows\wpd99.drv
2016-12-05 16:58 - 2016-04-29 21:34 - 00000000 ____D C:\Users\dannyid\Documents\Health
2016-12-03 11:48 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2016-12-03 11:47 - 2015-12-29 16:19 - 00000000 ____D C:\Users\dannyid\AppData\Local\CrashDumps
2016-12-02 23:00 - 2015-12-20 23:29 - 00000000 ____D C:\Users\dannyid\AppData\Roaming\SoundTouchPersist
2016-12-02 23:00 - 2015-12-20 23:29 - 00000000 ____D C:\Users\dannyid\AppData\Roaming\SoundTouch
2016-12-02 21:25 - 2016-10-10 10:11 - 00000000 ____D C:\Program Files (x86)\SoundTouch
2016-12-02 20:13 - 2015-09-26 21:47 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-02 18:40 - 2015-11-23 18:39 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-11-17 12:38 - 2015-09-12 19:57 - 00000000 ____D C:\Users\dannyid\Documents\Dispute
2016-11-12 18:25 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-11-09 17:26 - 2016-06-17 19:27 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-09 17:26 - 2016-06-17 19:27 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-02-15 22:07 - 2016-02-28 16:42 - 0003461 _____ () C:\Users\dannyid\AppData\Roaming\QBFileDrTool.log
2016-01-04 18:13 - 2016-01-04 18:37 - 0017408 _____ () C:\Users\dannyid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-29 01:02 - 2013-11-29 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\dannyid\AppData\Local\Temp\ose00000.exe
C:\Users\dannyid\AppData\Local\Temp\_is7DAB.exe
C:\Users\dannyid\AppData\Local\Temp\_is8FC7.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-05 03:51

==================== End of FRST.txt ============================

 

Additions****************************************

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by dannyid (09-12-2016 20:09:52)
Running from C:\Users\dannyid\Desktop
Windows 8.1 (Update) (X64) (2014-06-14 10:18:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2358354011-981561540-3637120196-500 - Administrator - Disabled)
Daniel Tech Support (S-1-5-21-2358354011-981561540-3637120196-1006 - Administrator - Enabled)
DanielAzuz (S-1-5-21-2358354011-981561540-3637120196-1003 - Limited - Enabled) => C:\Users\DanielAzuz
dannyid (S-1-5-21-2358354011-981561540-3637120196-1002 - Administrator - Enabled) => C:\Users\dannyid
Guest (S-1-5-21-2358354011-981561540-3637120196-501 - Limited - Disabled)
QBDataServiceUser23 (S-1-5-21-2358354011-981561540-3637120196-1004 - Limited - Enabled) => C:\Users\QBDataServiceUser23
QBDataServiceUser26 (S-1-5-21-2358354011-981561540-3637120196-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser26

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.15.6362.54439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.15.6362.54439 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
ASUS Manager - Recovery (HKLM-x32\...\{CF4A14CB-C4CB-4241-B659-7C58517515CF}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.01.05 - ASUSTeK Computer Inc.)




#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 10 December 2016 - 07:40 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
 
Please copy the entire contents of the code box below to a new file.
 
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8039723C-B15F-460C-80FE-FD81F69B91D5}&mid=9fef31acedf047cfa0c46da73d3d2517-b06a5e9c0d52d2126f61e3bd9379753a77db6ea9&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2016-12-06 20:26:37&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR Extension: (Avast SafePrice) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 0036621405413677mcinstcleanup; C:\Users\dannyid\AppData\Local\Temp\003662~1.EXE -cleanup -nolog [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
Task: {217B8B74-F634-4F24-ADBF-E9D837A0B15D} - System32\Tasks\Ciorusnie => C:\ProgramData\Ciorusnie\1.0.1.0\kasoiolp.exe <==== ATTENTION
C:\ProgramData\Ciorusnie
C:\Users\dannyid\AppData\Local\Temp\_is7DAB.exe
C:\Users\dannyid\AppData\Local\Temp\_is8FC7.exe
 
Reboot:
 
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
 
Please let me know what problem persists with this computer.
 

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 sefnf


Posted 19 December 2016 - 11:24 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by dannyid (19-12-2016 08:09:51) Run:1
Running from C:\Users\dannyid\Desktop
Loaded Profiles: dannyid & QBDataServiceUser26 (Available Profiles: dannyid & DanielAzuz & QBDataServiceUser23 & QBDataServiceUser26)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8039723C-B15F-460C-80FE-FD81F69B91D5}&mid=9fef31acedf047cfa0c46da73d3d2517-b06a5e9c0d52d2126f61e3bd9379753a77db6ea9&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2016-12-06 20:26:37&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR Extension: (Avast SafePrice) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 0036621405413677mcinstcleanup; C:\Users\dannyid\AppData\Local\Temp\003662~1.EXE -cleanup -nolog [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
Task: {217B8B74-F634-4F24-ADBF-E9D837A0B15D} - System32\Tasks\Ciorusnie => C:\ProgramData\Ciorusnie\1.0.1.0\kasoiolp.exe <==== ATTENTION
C:\ProgramData\Ciorusnie
C:\Users\dannyid\AppData\Local\Temp\_is7DAB.exe
C:\Users\dannyid\AppData\Local\Temp\_is8FC7.exe

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
Could not restore Default URLSearchHook.
"HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
0036621405413677mcinstcleanup => service removed successfully
nvvad_WaveExtensible => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{217B8B74-F634-4F24-ADBF-E9D837A0B15D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{217B8B74-F634-4F24-ADBF-E9D837A0B15D}" => key removed successfully
C:\Windows\System32\Tasks\Ciorusnie => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ciorusnie" => key removed successfully
"C:\ProgramData\Ciorusnie" => not found.
C:\Users\dannyid\AppData\Local\Temp\_is7DAB.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\_is8FC7.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12938948 B
Java, Flash, Steam htmlcache => 3584 B
Windows/system/drivers => 133781369 B
Edge => 0 B
Chrome => 333533819 B
Firefox => 61646311 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 386187 B
NetworkService => 40012 B
UpdatusUser => 0 B
dannyid => 768123081 B
DanielAzuz => 232556060 B
QBDataServiceUser23 => 0 B
QBDataServiceUser26 => 829122 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:12:04 ====
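
A Fixlog like the one above is easier to review when its result lines are grouped by outcome, so that failures ("Could not ...") and targets that were already absent stand out from the successful removals. The following is an added example, not part of the original post and not FRST's own code; the function name `triage_fixlog` and the outcome labels are assumptions, and the status wording it matches is taken only from this log.

```python
import re
from collections import defaultdict

# Excerpt of the Fixlog posted above (lines copied from the post, shortened).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
C:\ProgramData\Ciorusnie
*****************
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
Could not restore Default URLSearchHook.
0036621405413677mcinstcleanup => service removed successfully
C:\Windows\System32\Tasks\Ciorusnie => moved successfully
"C:\ProgramData\Ciorusnie" => not found.
=========== EmptyTemp: ==========
Chrome => 333533819 B
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<status>.+?)\.?$')

def triage_fixlog(text):
    """Group Fixlog result lines into done / absent / failed / review."""
    groups = defaultdict(list)
    in_echo = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            in_echo = not in_echo      # asterisk rows bracket the fixlist echo
            continue
        if in_echo or not line:
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            break                      # below this are byte counts, not results
        if line.lower().startswith("could not"):
            groups["failed"].append(line.rstrip("."))
            continue
        m = RESULT.match(line)
        if not m:
            continue                   # informational line, no "=>" result
        status = m.group("status").lower()
        if "not found" in status:
            groups["absent"].append(m.group("target"))
        elif "successfully" in status:
            groups["done"].append(m.group("target"))
        else:
            groups["review"].append(line)  # status wording not seen in this log
    return dict(groups)

if __name__ == "__main__":
    for outcome, items in triage_fixlog(SAMPLE_FIXLOG).items():
        print(outcome, len(items), items)
```

Entries in the "absent" group deserve a second look when the fixlist named them as active, such as the `C:\ProgramData\Ciorusnie` folder that the scheduled task pointed to.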



#4 sefnf


Posted 19 December 2016 - 11:28 AM

Problem 1: I have a Seagate external hard drive that is not showing up on the home network. It was working fine until right before I posted the first post here.

Problem 2: I am unable to use paste (the hot key [CTRL+v]) on IE on this website, but I was able to on Chrome.

On IE when I try to click on the paste icons right above this box, I get a warning if I want to allow the website to access my clipboard. I click [allow] but nothing happens.



#5 nasdaq


Posted 20 December 2016 - 09:18 AM


Problem 1: I have a Seagate external hard drive that is not showing up on the home network. It was working fine until right before I posted the first post here.


You may be able to find a solution on this topic.
http://www.tomshardw...ecting-computer
===

Problem 2: I am unable to use paste (the hot key [CTRL+v]) on IE on this website, but I was able to on Chrome.
On IE when I try to click on the paste icons right above this box, I get a warning if I want to allow the website to access my clipboard. I click [allow] but nothing happens.


I spent a good part of an hour looking for this problem.

I have all the administration rights on the forum. However, I do not use IE to service malware problems.

After reading this article.
https://answers.micr...1d-b027fc494e7d

I tried the Compatibility View, and Reset Internet Explorer Settings.

Nothing worked for me also.

If you need to use IE then I suggest you Google this string "ie copy and paste not working" as I did.
You will find many suggestions but I did not find a solution for the problems we are having.

One suggestion was to remove IE 11 and that IE 10 would be reinstalled.
Not an issue for me.
nasdaq


#6 sefnf


Posted 25 January 2017 - 05:39 PM

My computer is still running slow and IE is lagging too.

Is there another step I need to do, or did I already do it?



#7 nasdaq


Posted 26 January 2017 - 08:24 AM

You can ignore the Copy + Paste with IE 11 on this forum.

I have just been reminded of it. Read this topic.
http://www.spywarein...ypaste-problem/

---

Let's repair some important Services.


Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    07 - Repair Internet Explorer
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

nasdaq
