The following has been happening lately.
I get a blue screen that makes me restart the computer (this started less than a month ago and has only happened 4 or 5 times so far).
Browser freezes and leads to a blue screen (this started less than a month ago and has only happened 4 or 5 times so far).
My browser gets hijacked to a website that starts with syndication-. It sounds like the issue talked about here: "http://www.removemal...to-follow-steps" (this has been going on for 6 months or more and doesn't happen all the time).
I still have a subscription with Kaspersky, but I temporarily disabled it for the following reason.
There is a lag delay when I type in the browser, and significantly when typing in an Outlook email while using the browser platform. I am troubleshooting whether the lag is being caused by one of the Kaspersky security features.
I installed Avast for now.
Below are my logs.
Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/9/2016
Scan Time: 2:28 PM
Logfile: malwarebyte fille 2.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.12.09.18
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: dannyid
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433301
Time Elapsed: 43 min, 53 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 18
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{7dc72a53-f65b-454a-af15-4ff66fac216e}, Quarantined, [b79feef78416082e3773c6958e745fa1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{7DC72A53-F65B-454A-AF15-4FF66FAC216E}, Quarantined, [b79feef78416082e3773c6958e745fa1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{7DC72A53-F65B-454A-AF15-4FF66FAC216E}, Quarantined, [b79feef78416082e3773c6958e745fa1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{b61bc53c-7988-4139-aeb7-1eb7823589e3}, Quarantined, [80d66c795743cf6757545704768cad53],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{B61BC53C-7988-4139-AEB7-1EB7823589E3}, Quarantined, [80d66c795743cf6757545704768cad53],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{B61BC53C-7988-4139-AEB7-1EB7823589E3}, Quarantined, [80d66c795743cf6757545704768cad53],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [5df984615c3e3bfb6449ce75d131d12f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [5df984615c3e3bfb6449ce75d131d12f],
PUP.Optional.MalwareProtection, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MalwareProtectionLive, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [1f3738ad5248f73f9d6d5b0ef0138878],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASAPI32, Quarantined, [db7b994c56447bbb5f4e6fd0fe05d030],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASMANCS, Quarantined, [dd7965807228a1955c51de61af54d030],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A8888A9-630F-4BDE-AC59-C0E8D60C2D17}, Delete-on-Reboot, [b89ea144069459ddf71aa9cf06fd19e7],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{393D7047-E0C0-465E-BD4C-5F61E96FFF92}, Delete-on-Reboot, [f066786d0694be78b65bc3b5a65d2fd1],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Popup, Delete-on-Reboot, [1b3be10401994beb6747c17e0af9b050],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Start, Delete-on-Reboot, [3026469fbcde3105d8d673ccc43f40c0],
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\WebDiscoverBrowser, Quarantined, [8cca26bf6c2e003646c00663798a02fe],
PUP.Optional.Spigot, HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{057DE6C0-F2DE-40B4-832A-D8CC986AD6D2}, Quarantined, [dd79e500059555e1cdccd4703fc49e62],
Registry Values: 3
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A8888A9-630F-4BDE-AC59-C0E8D60C2D17}|Path, \ProPCCleaner_Popup, Delete-on-Reboot, [b89ea144069459ddf71aa9cf06fd19e7]
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{393D7047-E0C0-465E-BD4C-5F61E96FFF92}|Path, \ProPCCleaner_Start, Delete-on-Reboot, [f066786d0694be78b65bc3b5a65d2fd1]
PUP.Optional.Spigot, HKU\S-1-5-21-2358354011-981561540-3637120196-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{057DE6C0-F2DE-40B4-832A-D8CC986AD6D2}|URL, https://search.yahoo...={searchTerms},Quarantined, [dd79e500059555e1cdccd4703fc49e62]
Registry Data: 0
(No malicious items detected)
Folders: 17
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\quarantine, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\locales, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\iifaaldajbmajdljdjdiedokifnaogpk, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\iifaaldajbmajdljdjdiedokifnaogpk\1.0_0, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage, Quarantined, [025483625a40fa3ced69d7aff50d718f],
Files: 72
PUP.Optional.WinWrapper, C:\Users\dannyid\Downloads\raropener_setup-64668594.exe, Quarantined, [d97d36afaceedc5a04ce26910cf5ae52],
PUP.Optional.Spigot, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\searchplugins\yahoo_ff.xml, Quarantined, [acaa796c207a78beace9d173a36039c7],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe.config, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\certificates, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\certificates_filter, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\domains, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\extensions, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\extensions_filter, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\MPLSettings.dll, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\uninstall.exe, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.MalwareProtection, C:\Users\dannyid\AppData\Local\MalwareProtectionLive\userinfo.dat, Quarantined, [f46230b5603a5fd736fb8ec2d82b05fb],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome.exe, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome_100_percent.pak, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome_child.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\chrome_elf.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\d3dcompiler_47.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\ffmpegsumo.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\icudtl.dat, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\ISightSDK.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\libEGL.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\libGLESv2.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\pdf.dll, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\resources.pak, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.75.2\locales\en-US.pak, Quarantined, [70e6a73e73277fb726c23c07b54ba957],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Local State, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom Prefix Set, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies-journal, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Csd Whitelist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download Whitelist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Extension Blacklist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing IP Blacklist, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\History, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\ChromeDWriteFontCache, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies-journal, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\History-journal, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Origin Bound Certs, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Preferences, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\README, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Secure Preferences, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Visited Links, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_0, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_1, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_2, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_3, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\index, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\000003.ldb, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\000004.log, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOCK, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOG, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\MANIFEST-000001, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000003.ldb, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000004.log, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOCK, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOG, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\MANIFEST-000001, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\iifaaldajbmajdljdjdiedokifnaogpk\1.0_0\Cached Theme.pak, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000004.log, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.WebDiscoverBrowser, C:\Users\dannyid\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [025483625a40fa3ced69d7aff50d718f],
PUP.Optional.Spigot, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo...=503828&p=");),Replaced,[f26412d33961e155a9ae677a7192ce32]
PUP.Optional.Spigot, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwareb...storebrowser/),Bad: (user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=503828&fr=spigot-), Replaced,[d38301e4297156e076028c5a40c31de3]
PUM.Optional.FireFoxSearchOverride, C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\user.js, Quarantined, [b0a6ae371f7b81b50e8600e3e51e47b9],
Physical Sectors: 0
(No malicious items detected)
(end)
FRST********************************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by dannyid (administrator) on AZUZ1DESK (09-12-2016 20:08:40)
Running from C:\Users\dannyid\Desktop
Loaded Profiles: dannyid & QBDataServiceUser26 (Available Profiles: dannyid & DanielAzuz & QBDataServiceUser23 & QBDataServiceUser26)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-11] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-11-29] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-06-24] (cyberlink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-22] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2235 2016-12-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-06] (AVAST Software)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [EPSON Artisan 837] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Artisan 837(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\MountPoints2: {be32d50c-ddfc-11e5-8329-bcee7bd9cce4} - "M:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\MountPoints2: {be32e01a-ddfc-11e5-8329-bcee7bd9cce4} - "L:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-06] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-02-15]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-02-15]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-02-15]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-03-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1236490B-DA5D-41E8-8F13-AC457124A458}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8039723C-B15F-460C-80FE-FD81F69B91D5}&mid=9fef31acedf047cfa0c46da73d3d2517-b06a5e9c0d52d2126f61e3bd9379753a77db6ea9&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2016-12-06 20:26:37&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {CB602716-2E5F-48C2-9385-6A79ACDC1AF5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-06] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-27] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-06] (AVAST Software)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-27] (AO Kaspersky Lab)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-02-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default [2016-12-09]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kyac6rn3.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\kyac6rn3.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kyac6rn3.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\kyac6rn3.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF Extension: (Firefox Hotfix) - C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358354011-981561540-3637120196-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dannyid\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
Chrome:
=======
CHR Profile: C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Translate) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-06-17]
CHR Extension: (Google Slides) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-17]
CHR Extension: (Google Docs) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09]
CHR Extension: (Google Drive) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Avast SafePrice) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-07]
CHR Extension: (Translate Selected Text) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2016-07-09]
CHR Extension: (Google Sheets) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-17]
CHR Extension: (Gmail) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-06] (AVAST Software)
S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244696 2013-06-24] (CyberLink)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-11] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-02-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-22] (Intuit Inc.) [File not signed]
R3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe [127792 2015-10-22] (Intuit, Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
S2 0036621405413677mcinstcleanup; C:\Users\dannyid\AppData\Local\Temp\003662~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-06] (AVAST Software)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2016-09-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-09-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-09-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-09-11] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-09 20:08 - 2016-12-09 20:09 - 00027682 _____ C:\Users\dannyid\Desktop\FRST.txt
2016-12-09 20:08 - 2016-12-09 20:08 - 00000000 ____D C:\FRST
2016-12-09 20:02 - 2016-12-09 20:02 - 00019366 _____ C:\Users\dannyid\Desktop\malwarebyte fille 2.txt
2016-12-09 14:25 - 2016-12-09 14:26 - 02420224 _____ (Farbar) C:\Users\dannyid\Desktop\FRST64.exe
2016-12-09 14:23 - 2016-12-09 14:23 - 01017344 _____ C:\Users\dannyid\Desktop\RGSA.exe
2016-12-09 14:12 - 2016-12-09 14:12 - 00317336 _____ C:\Windows\Minidump\120916-26875-01.dmp
2016-12-06 18:56 - 2016-12-06 18:56 - 00364808 _____ C:\Windows\Minidump\120616-72218-01.dmp
2016-12-06 18:55 - 2016-12-09 14:12 - 711873119 ____N C:\Windows\MEMORY.DMP
2016-12-06 17:25 - 2016-12-09 19:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-06 17:25 - 2016-12-06 17:25 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-06 16:30 - 2016-12-06 16:30 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-06 16:30 - 2016-12-06 16:30 - 00000000 ____D C:\Users\dannyid\AppData\Roaming\AVAST Software
2016-12-06 16:30 - 2016-12-06 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-06 16:29 - 2016-12-06 16:29 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-12-06 16:29 - 2016-12-06 16:29 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-12-06 16:29 - 2016-12-06 16:29 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-12-06 16:29 - 2016-12-06 16:29 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-06 16:29 - 2016-12-06 16:29 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-06 16:29 - 2016-12-06 16:28 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-06 16:29 - 2016-12-06 16:28 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-12-06 16:28 - 2016-12-06 16:28 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-06 16:28 - 2016-12-06 16:28 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-06 16:28 - 2016-12-06 16:28 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-06 16:28 - 2016-12-06 16:28 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-06 16:24 - 2016-12-06 16:24 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-06 16:22 - 2016-12-06 16:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-06 16:19 - 2016-12-06 16:19 - 06253640 _____ (AVAST Software) C:\Users\dannyid\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-12-06 15:42 - 2016-12-07 17:47 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-06 12:19 - 2016-12-07 17:47 - 00000000 ____D C:\ProgramData\Avg
2016-12-06 12:19 - 2016-12-06 15:53 - 00000000 ____D C:\Users\dannyid\AppData\Local\AvgSetupLog
2016-12-06 12:19 - 2016-12-06 12:19 - 00000000 ____D C:\Users\dannyid\AppData\Local\Avg
2016-12-06 11:24 - 2016-12-06 11:24 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\dannyid\Downloads\AVG_Protection_Free_1606.exe
2016-12-04 19:04 - 2016-12-04 19:04 - 00217081 _____ C:\Users\dannyid\Downloads\Inv_126860_from_Royale_Plumbing_7316.pdf
2016-12-04 16:29 - 2016-12-04 21:44 - 00000000 ____D C:\Users\dannyid\Downloads\Add On
2016-12-02 21:25 - 2016-12-02 21:25 - 00001902 _____ C:\Users\Public\Desktop\SoundTouch.lnk
2016-12-02 21:25 - 2016-12-02 21:25 - 00000000 ____D C:\Users\dannyid\AppData\Local\SoundTouch
2016-12-02 21:25 - 2016-12-02 21:25 - 00000000 ____D C:\Users\dannyid\.SoundTouch
2016-12-02 21:25 - 2016-12-02 21:25 - 00000000 ____D C:\Users\dannyid\.QtWebEngineProcess
2016-12-02 21:24 - 2016-12-02 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTouch
2016-12-02 20:13 - 2016-12-02 20:13 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-02 20:13 - 2016-12-02 20:13 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-11-28 12:33 - 2016-11-28 12:33 - 00000000 ____D C:\Users\dannyid\Documents\screenplay
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\Users\dannyid\Trelby
2016-11-28 12:26 - 2016-11-28 12:26 - 00000803 _____ C:\Users\Public\Desktop\Trelby.lnk
2016-11-28 12:26 - 2016-11-28 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trelby
2016-11-28 12:25 - 2016-11-28 12:26 - 00000000 ____D C:\Program Files\Trelby
2016-11-28 12:04 - 2016-11-28 12:09 - 09558451 _____ (Trelby.org) C:\Users\dannyid\Downloads\Setup-Trelby-2.2.exe
2016-11-17 08:52 - 2016-11-17 08:52 - 00033131 _____ C:\Users\dannyid\Downloads\11.14.2016 wdm MF Rate Sheet 11-14-2016.pdf
2016-11-09 13:56 - 2016-11-09 13:56 - 00866096 _____ C:\Users\dannyid\Downloads\IMG.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-09 20:04 - 2014-08-30 21:19 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-09 20:04 - 2014-08-30 13:43 - 00000000 __RDO C:\Users\dannyid\OneDrive
2016-12-09 20:03 - 2014-07-15 09:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-09 20:03 - 2014-03-22 01:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-09 20:03 - 2013-11-29 01:06 - 00000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2016-12-09 20:03 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 20:02 - 2014-06-14 02:18 - 00000000 ____D C:\Users\dannyid
2016-12-09 19:25 - 2014-08-30 21:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 15:51 - 2014-06-13 23:25 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358354011-981561540-3637120196-1002
2016-12-09 14:53 - 2014-06-14 01:09 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-12-09 14:45 - 2014-08-25 14:49 - 00000000 ____D C:\Users\dannyid\AppData\Local\Battle.net
2016-12-09 14:27 - 2015-06-03 08:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 14:23 - 2015-06-03 08:40 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-09 14:23 - 2015-06-03 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-09 14:23 - 2015-06-03 08:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-09 14:19 - 2016-09-08 10:09 - 00417088 _____ C:\Windows\system32\perfh00D.dat
2016-12-09 14:19 - 2016-09-08 10:09 - 00065090 _____ C:\Windows\system32\perfc00D.dat
2016-12-09 14:19 - 2013-11-29 00:58 - 01336072 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 14:19 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-12-09 14:15 - 2014-08-25 14:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-09 14:12 - 2015-12-25 10:18 - 00000000 ____D C:\Windows\Minidump
2016-12-09 14:02 - 2016-02-15 22:06 - 00000000 ____D C:\Users\QBDataServiceUser26
2016-12-09 00:28 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-12-07 12:44 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-06 17:25 - 2016-09-24 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-06 17:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-06 17:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-06 16:29 - 2015-09-05 17:46 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-06 14:11 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-06 12:07 - 2014-07-15 09:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-06 12:01 - 2013-08-22 06:44 - 00584432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-05 17:05 - 2015-01-05 12:54 - 00000000 ____D C:\ProgramData\pdf995
2016-12-05 17:01 - 2015-01-05 12:54 - 00000060 _____ C:\Windows\wpd99.drv
2016-12-05 16:58 - 2016-04-29 21:34 - 00000000 ____D C:\Users\dannyid\Documents\Health
2016-12-03 11:48 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2016-12-03 11:47 - 2015-12-29 16:19 - 00000000 ____D C:\Users\dannyid\AppData\Local\CrashDumps
2016-12-02 23:00 - 2015-12-20 23:29 - 00000000 ____D C:\Users\dannyid\AppData\Roaming\SoundTouchPersist
2016-12-02 23:00 - 2015-12-20 23:29 - 00000000 ____D C:\Users\dannyid\AppData\Roaming\SoundTouch
2016-12-02 21:25 - 2016-10-10 10:11 - 00000000 ____D C:\Program Files (x86)\SoundTouch
2016-12-02 20:13 - 2015-09-26 21:47 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-02 18:40 - 2015-11-23 18:39 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-11-17 12:38 - 2015-09-12 19:57 - 00000000 ____D C:\Users\dannyid\Documents\Dispute
2016-11-12 18:25 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-11-09 17:26 - 2016-06-17 19:27 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-09 17:26 - 2016-06-17 19:27 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2016-02-15 22:07 - 2016-02-28 16:42 - 0003461 _____ () C:\Users\dannyid\AppData\Roaming\QBFileDrTool.log
2016-01-04 18:13 - 2016-01-04 18:37 - 0017408 _____ () C:\Users\dannyid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-29 01:02 - 2013-11-29 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\dannyid\AppData\Local\Temp\ose00000.exe
C:\Users\dannyid\AppData\Local\Temp\_is7DAB.exe
C:\Users\dannyid\AppData\Local\Temp\_is8FC7.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-05 03:51
==================== End of FRST.txt ============================
Additions
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by dannyid (09-12-2016 20:09:52)
Running from C:\Users\dannyid\Desktop
Windows 8.1 (Update) (X64) (2014-06-14 10:18:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2358354011-981561540-3637120196-500 - Administrator - Disabled)
Daniel Tech Support (S-1-5-21-2358354011-981561540-3637120196-1006 - Administrator - Enabled)
DanielAzuz (S-1-5-21-2358354011-981561540-3637120196-1003 - Limited - Enabled) => C:\Users\DanielAzuz
dannyid (S-1-5-21-2358354011-981561540-3637120196-1002 - Administrator - Enabled) => C:\Users\dannyid
Guest (S-1-5-21-2358354011-981561540-3637120196-501 - Limited - Disabled)
QBDataServiceUser23 (S-1-5-21-2358354011-981561540-3637120196-1004 - Limited - Enabled) => C:\Users\QBDataServiceUser23
QBDataServiceUser26 (S-1-5-21-2358354011-981561540-3637120196-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser26
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.15.6362.54439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.15.6362.54439 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
ASUS Manager - Recovery (HKLM-x32\...\{CF4A14CB-C4CB-4241-B659-7C58517515CF}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.01.05 - ASUSTeK Computer Inc.)