Solved I can’t open antivirus or any website related to it for windows

ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 4 - OA, OP\assigned readings\Calcium Calculator™ _ BC Dairy Association.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://bcdairy.ca/nutritioneducation/calciumcalculator/
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 3 - diabetes\resources\Basic Meal Planning _ Canadian Diabetes Association.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.diabetes.ca/diabetes-and-you/healthy-living-resources/diet-nutrition/basic-meal-planning
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 3 - diabetes\resources\CDA Clinical Practice Guidelines - Patient Resources.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://guidelines.diabetes.ca/PatientResources
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 3 - diabetes\resources\Guidelines for Minor Ailment Prescribing - University of Saskatchewan.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.medsask.usask.ca/professional/guidelines/index.php
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM204\Lectures\Canadian Stroke Best Practice Recommendations.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.strokebestpractices.ca/
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM203\Workshops\Workshop 1 - meningitis\literature\CARA_ Canadian Antimicrobial Resistance Alliance.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.can-r.com/study.php?study=antb2013
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\2016-Year 2-Second Semester\previous year\PHM204\Lectures\Canadian Stroke Best Practice Recommendations.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.strokebestpractices.ca/
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\2016-Year 2-Second Semester\previous year\PHM203\Workshops\Workshop 1 - meningitis\literature\CARA_ Canadian Antimicrobial Resistance Alliance.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.can-r.com/study.php?study=antb2013
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\2016-Year 2-Second Semester\PHM206-MTM 3\labs\lab 3-OA-OP-pain\previous ones\assigned readings\Calcium Calculator™ _ BC Dairy Association.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://bcdairy.ca/nutritioneducation/calciumcalculator/
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sumo Paint.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=mlfedaecajcncfkjfllofcfcjfhiopim
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\WOLFY1000 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ebd56dad7f13a36\Skype.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lifbcibllhkdhoafpjfnlhfpfgnpldfl

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaiospi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 02:13 - 2018-02-05 09:14 - 000000883 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-48903865-4041566842-226505006-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Quan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ASUSPRP"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{220A3A1F-A30E-400B-B444-93CBE0F617D4}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{44A1B72B-F029-447A-A3A3-3CC4F6FE2DE5}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Block) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [TCP Query User{D834CBDE-5F3E-4B9C-B404-472C04A53D42}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Block) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [{BC17C317-622F-4FBE-A1F4-B30B0C3C0761}] => (Allow) C:\Users\Quan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F04CE79C-D6D0-4D1F-A193-38C86D0C3E52}C:\users\quan\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\quan\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{C01DFBDE-97BB-4F21-88BA-0CFE3BB32D52}C:\users\quan\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\quan\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{16D8F28E-9DDF-4431-A8D3-DE40ED7E89D7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D7E0C4AA-6476-4EDE-BD92-BF601E75C22C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2914E633-6DC3-4079-9727-B0F72A694100}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D4A283F8-8389-4C39-9FE6-7394C3AA51D8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [{879AC395-DD4D-4E56-B7AC-37AF5C8BA32F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{FDB2053A-4DC8-4B4B-A37B-92CC2ED9EA42}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88397693-2331-48EC-A6C9-9365D0E95E95}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73F4F95E-3AED-4D27-9735-A38838F5F4C2}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE5E3A53-4A15-436E-93C4-F916A462B266}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AA323F2-7079-45B7-A62E-875AE38E3DFB}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{762EBE2B-9C15-4ABC-B9C2-755D7915949E}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71008269-8E71-4794-AF4A-05B0C6BAB563}] => (Allow) C:\WINDOWS\system32\msiexec.exe
FirewallRules: [{8FBBDBBC-2B20-43D8-A403-B631F1A1C256}] => (Allow) C:\Users\Quan\MiiniNBAeH.exe
FirewallRules: [{B5C3B04A-6065-466B-8FDB-9DD6F429FA92}] => (Allow) C:\Users\Quan\AppData\Roaming\zbEIkooQJeZ.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2018 09:14:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 09:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 08:18:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 07:48:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 07:48:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 07:48:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 05:59:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/21/2018 05:59:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/21/2018 08:02:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error:
The operation completed successfully.

Error: (07/21/2018 07:52:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (07/21/2018 07:50:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (07/21/2018 05:59:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/21/2018 05:59:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/21/2018 05:59:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/21/2018 05:59:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/21/2018 05:51:01 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-07-19 21:54:05.072
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {603FD5E5-BD0F-4672-B561-AD8B82D4AC21}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-17 22:32:31.803
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6B1801B7-1516-49E1-8F61-C8A7E8EC4CAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-16 21:30:16.498
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {66B39E0C-A816-4C93-990A-5A5BA5E6DE17}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-13 22:26:06.390
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {03CD4BCF-A329-4F0B-AD74-6419C50EC091}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-13 18:38:41.398
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {213D811C-74FF-42B1-8856-211AFC0EDCD1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-17 09:51:00.476
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1363.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-06-17 09:51:00.475
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1363.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-21 13:30:26.751
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1212.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80070714
Error description: The specified image file did not contain a resource section.

Date: 2018-05-21 13:30:26.741
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1212.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80070714
Error description: The specified image file did not contain a resource section.

Date: 2018-05-21 13:30:22.653
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80070714
Error description: The specified image file did not contain a resource section.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 83%
Total physical RAM: 1933.16 MB
Available physical RAM: 315.32 MB
Total Virtual: 3742.84 MB
Available Virtual: 769.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.21 GB) (Free:2.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:29.81 GB) (Free:6.19 GB) FAT32

\\?\Volume{3187bda6-72f5-433e-b695-629fed78702f}\ (Recovery) (Fixed) (Total:0.68 GB) (Free:0.31 GB) NTFS
\\?\Volume{3f6e9275-df6c-41c3-b517-b882603c962c}\ (Restore) (Fixed) (Total:7.03 GB) (Free:1.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: E5991876)

Partition: GPT.

========================================================
 
Disk: 1 (Protective MBR) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 5ADA625F)

Partition: GPT.

==================== End of Addition.txt ============================
 
Thanks :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
The scan is not complete for RogueKiller, but now on my tabs from time to time I see random websites, and one of them had malware.
 

Attachments

  • screenshot-192.168.1.1-30000-2018.07.22-13-49-35.png
Operating System : Windows 10 (10.0.10240) 32 bits version
Started in : Normal mode
User : Quan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 07/22/2018 12:11:48 (Duration : 02:25:21)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Windows\CurrentVersion\Run | 4399GameHall : C:\Users\Quan\AppData\Local\4399\4399GameHall\4399GameHall.exe [x] -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion : C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [7] -> Deleted
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WCAssistantService (C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Deleted
[PUM.HomePage] HKEY_USERS\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{40a6eca6-797a-43d6-94b7-d2f9655a7ec3} | DhcpNameServer : 13.6.0.99 ([United States]) -> Replaced ()
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BC17C317-622F-4FBE-A1F4-B30B0C3C0761} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Quan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive| [x] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F04CE79C-D6D0-4D1F-A193-38C86D0C3E52}C:\users\quan\appdata\local\skypeplugin\pluginhost.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\quan\appdata\local\skypeplugin\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C01DFBDE-97BB-4F21-88BA-0CFE3BB32D52}C:\users\quan\appdata\local\skypeplugin\pluginhost.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\quan\appdata\local\skypeplugin\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| [x] -> Deleted

¤¤¤ Tasks : 3 ¤¤¤
[Hj.Shortcut] \{3BCE65B8-982C-C0B6-5D11-4B7FF272BB6B} -- "C:\Program Files\Google\Chrome\Application\chrome.exe" (http://hophitnews.ru/cl/?guid=ki42s2fblzm9d5lxa61uacao9v0azsw9&prid=1&pid=4_1324_0) -> Deleted
[Hj.Shortcut] \{7C95C3B3-558B-5A70-E175-0ACED6FFA908} -- "C:\Program Files\Google\Chrome\Application\chrome.exe" (http://hophitnews.ru/cl/?guid=fu0r73sm8wkx8vvxeah2in4lk71q3b39&prid=1&pid=4_1324_0) -> Deleted
[Hj.Shortcut] \{F83D95A3-6278-CF60-7926-DC44DCA8FCD1} -- "C:\Program Files\Google\Chrome\Application\chrome.exe" (http://hophitnews.ru/cl/?guid=k3ssuake7177ickllcjqeh3bhkfsjaou&prid=1&pid=4_1324_0) -> Deleted

¤¤¤ Files : 7 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> Removed at reboot [91]
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Icons\bing.ico -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Icons -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService\WCAssistantServiceLog.log -> Removed at reboot [20]
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs -> Removed at reboot [91]
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\CurrentReleaseNotes.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\install.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\partner.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\UpdateServer.txt -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Options -> Deleted
[PUP.Gen1][Folder] C:\Users\Quan\AppData\Roaming\Lavasoft\Web Companion -> Deleted
[PUP.Gen1][File] C:\Users\Quan\AppData\Roaming\Lavasoft\Web Companion\Options\Language.txt -> Deleted
[PUP.Gen1][Folder] C:\Users\Quan\AppData\Roaming\Lavasoft\Web Companion\Options -> Deleted
[PUP.uTorrentAds][File] C:\Users\Quan\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Quan\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Removed at reboot [5]
[PUP.SysTweak|PUP.Gen1][Folder] C:\Users\Quan\AppData\Roaming\WinThruster -> Deleted
[PUP.SysTweak|PUP.Gen1][Folder] C:\Users\Quan\AppData\Roaming\WinThruster\WL -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> Removed at reboot [91]
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService\WCAssistantServiceLog.log -> Removed at reboot [20]
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion -> Removed at reboot [91]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\BCUEngineS.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\BCUSDK.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\BrowserManager.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\BrowserParameters.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\de-DE -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\en-US -> Removed at reboot [91]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\es-ES -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Esent.Interop.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Extension\@wcextensionff.xpi -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\Extension -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\fr-CA -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Interop.Shell32.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\it-IT -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\ja-JP -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Automation.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.IEController.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SmartAssemblyUI.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\liblz4.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\log4net.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\LogicNP.EZShellExtensions.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\LZ4.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\MozCompressor.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\pt-BR -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\ru-RU -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\SmartAssembly.ReportException.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\SmartExceptionsCore.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\System.Data.SQLite.dll -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\tr-TR -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\ucrtbased.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\vcruntime140d.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebcompaionReimageIcon.ico -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe -> Removed at reboot [5]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionExtensionIE.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionIcon.ico -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.pdb -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\x64 -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll -> Removed at reboot [5]
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\x86 -> Removed at reboot [91]
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\zh-CHS -> Deleted
[PUP.Gen1][File] C:\Program Files\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application\zh-Hans -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Lavasoft\Web Companion\Application -> Removed at reboot [91]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SEM32G +++++
--- User ---
[MBR] 92dde6bfffb3f94cdeee4ea86791e7f6
[BSP] 09433dd3514c36bc2bcfaab1285f4797 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 700 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1640448 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1902592 | Size: 28890 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 91fb8a70c98a542ef44c2d620b1f568b
[BSP] f685f4330abe95585b73280ed91263d7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 7202 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic SD Card +++++
--- User ---
[MBR] 2302214939545e38afde0ce8df419a08
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30531 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-07-19.5
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-22-2018
# Duration: 00:00:31
# OS: Windows 10 Home
# Scanned: 41453
# Detected: 10


***** [ Services ] *****

PUP.Optional.Legacy WCAssistantService

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\lavasoft\web companion
PUP.Optional.Legacy C:\Program Files\lavasoft\web companion
PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy HKLM\Software\Lavasoft\Web Companion
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1590 octets] - [24/06/2018 17:18:34]
AdwCleaner[C00].txt - [1626 octets] - [24/06/2018 17:19:00]
AdwCleaner[S01].txt - [1364 octets] - [24/06/2018 17:44:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by Quan (administrator) on QZHENG168 (22-07-2018 19:00:44)
Running from C:\Users\Quan\Downloads\FRST-OlderVersion
Loaded Profiles: Quan (Available Profiles: Quan)
Platform: Microsoft Windows 10 Home 10240.17202 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
() C:\Program Files\ASUS\ASUS Reading Mode\ReadingModeWatchDogx86.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(BitTorrent Inc.) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Quan\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(BitTorrent Inc.) C:\Users\Quan\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\Medibang\MediBang Paint Pro\MediBangPaintPro.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
() C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x86__mkdtfchztkfbm\opener-rar.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-31] (Intel Corporation)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-09-05] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2653912 2013-07-16] (Realtek Semiconductor)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\Run: [GoogleChromeAutoLaunch_C9B322562CECB97BE12471C4C78F3635] => C:\Program Files\Google\Chrome\Application\chrome.exe [1458008 2018-06-22] (Google Inc.)
HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\Run: [uTorrent] => C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-07-20] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2018-07-10]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cf5a1fd-95b7-41c8-bf4f-66aaad4bcf83}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f92562d8-a64b-4ba8-bdbf-5a6db852a0ca}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-48903865-4041566842-226505006-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-03-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-48903865-4041566842-226505006-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Quan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2018-05-12] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default [2018-07-22]
CHR Extension: (Google Translate) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-05-06]
CHR Extension: (Slides) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-22]
CHR Extension: (Docs) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Skype Calling) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-06]
CHR Extension: (YouTube) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Honey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-07-22]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-06-08]
CHR Extension: (Google Search) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Sheets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Skype) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Google Drawings) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-12-17]
CHR Extension: (Google Hangouts) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-05-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-06-30]
CHR Extension: (Slides) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (PaperCut Software) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2017-12-01]
CHR Extension: (Docs) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Aww) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ceojjgdcmdmcpiplcnbbbjfgplhledhj [2017-12-01]
CHR Extension: (Tampermonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-07-20]
CHR Extension: (Sheets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Polarr Photo Editor Extension) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhggacdeldojnpbgknpipalghlkbcimk [2018-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-01]
CHR Extension: (Nyoogle - Custom Logo for Google) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ginfoagmgomhccdaclfbbbhfjgmphkph [2017-12-01]
CHR Extension: (Prodigy Math Game) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-12-01]
CHR Extension: (Pixlr Editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-12-01]
CHR Extension: (G Suite Training) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2018-05-17]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2018-06-09]
CHR Extension: (ScriptMonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-07-20]
CHR Extension: (Game Emulator Extension) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ldjojcoddnmdmhmannginfnebckohcac [2018-05-17]
CHR Extension: (SketchUp for Schools) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfhlekccjamfkfmjgnpbdjpecanfbjkl [2018-03-28]
CHR Extension: (Skype) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Google Classroom) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2017-12-01]
CHR Extension: (Browser Pets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mhgallfjacflgalnbpcpmnfibodgbdkc [2018-03-28]
CHR Extension: (Google Drawings) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-12-01]
CHR Extension: (Sumopaint - Online Image Editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlfedaecajcncfkjfllofcfcjfhiopim [2018-06-18]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-06-18]
CHR Extension: (Animate Images) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlkcmaaodnfcjhadligkpdlgkpkjneni [2017-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Flat for Education - Music notation editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nomkpimaohgaamiipecibpchogmfhgba [2017-12-01]
CHR Extension: (Gmail) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Extension: (Snapverter) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2017-12-01]
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-03-17]
CHR Extension: (Slides) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (PaperCut Software) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2017-12-01]
CHR Extension: (Docs) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Aww) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ceojjgdcmdmcpiplcnbbbjfgplhledhj [2017-12-01]
CHR Extension: (Tampermonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-07-20]
CHR Extension: (Sheets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Polarr Plugin: Edit Any Photo on the Internet) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fhggacdeldojnpbgknpipalghlkbcimk [2017-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
CHR Extension: (Nyoogle - Custom Logo for Google) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ginfoagmgomhccdaclfbbbhfjgmphkph [2017-12-01]
CHR Extension: (Prodigy Math Game) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-12-01]
CHR Extension: (Pixlr Editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-12-01]
CHR Extension: (G Suite Training) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2017-12-17]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2017-12-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-01-16]
CHR Extension: (Adorable Hamster Pet) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\khmhiilheedbaffkfhjjodneogdaehfa [2017-12-01]
CHR Extension: (ScriptMonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-07-20]
CHR Extension: (Skype) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Google Classroom) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2017-12-01]
CHR Extension: (Browser Pets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhgallfjacflgalnbpcpmnfibodgbdkc [2017-12-01]
CHR Extension: (Google Drawings) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-12-01]
CHR Extension: (Sumo Paint) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mlfedaecajcncfkjfllofcfcjfhiopim [2017-12-01]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-01-13]
CHR Extension: (Animate Images) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlkcmaaodnfcjhadligkpdlgkpkjneni [2017-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-01]
CHR Extension: (Flat for Education - Music notation editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nomkpimaohgaamiipecibpchogmfhgba [2017-12-01]
CHR Extension: (Gmail) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-15]
CHR Extension: (Snapverter) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2017-12-01]
CHR Extension: (Wolf Theme) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnncgdlhhlohgiokcchmaodpmbpcopai [2017-12-01]
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2015-04-09] (Broadcom Corporation.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2054360 2017-12-12] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-11-05] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83384 2014-12-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [97208 2014-12-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90552 2014-12-31] (Intel Corporation)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283568 2015-11-05] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-11-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [64312 2013-09-04] (ASUS Corporation)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [119784 2015-08-27] (ASUS Corporation)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2013-10-16] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23040 2015-07-10] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-09] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-09] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [334848 2013-08-22] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [25040 2015-07-08] (Capella Microsystems, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44472 2014-12-31] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25528 2014-12-31] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28088 2014-12-31] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36280 2014-12-31] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80824 2014-12-31] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [182200 2014-12-31] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [17408 2013-08-21] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-13] (ASUS)
S3 iaiospi; C:\WINDOWS\System32\drivers\iaiospi.sys [50688 2013-08-23] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [88064 2013-08-21] (Intel Corporation)
S3 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44096 2015-07-20] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [242176 2013-08-26] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35392 2015-07-20] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [220896 2018-07-21] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-08-21] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38400 2013-08-22] (Intel Corporation)
S3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [46592 2013-08-21] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [263936 2015-05-21] (Realtek Semiconductor Corp.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2017-10-10] (The OpenVPN Project)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [76304 2013-08-03] (Intel Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-22 18:51 - 2018-07-22 18:51 - 000016148 _____ C:\WINDOWS\system32\QZHENG168_Quan_HistoryPrediction.bin
2018-07-22 15:43 - 2018-07-22 15:51 - 007417040 _____ (Malwarebytes) C:\Users\Quan\Downloads\adwcleaner_7.2.2.exe
2018-07-22 15:42 - 2018-07-22 15:42 - 007395536 _____ (Malwarebytes) C:\Users\Quan\Downloads\AdwCleaner.exe
2018-07-22 12:11 - 2018-07-22 12:11 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-07-22 12:10 - 2018-07-22 14:43 - 000000000 ____D C:\ProgramData\RogueKiller
2018-07-22 12:10 - 2018-07-22 12:10 - 000001068 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-07-22 12:10 - 2018-07-22 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-07-22 12:10 - 2018-07-22 12:10 - 000000000 ____D C:\Program Files\RogueKiller
2018-07-22 12:08 - 2018-07-22 12:09 - 036751000 _____ (Adlice Software ) C:\Users\Quan\Downloads\RogueKiller_setup_ref3.exe
2018-07-22 12:08 - 2018-07-22 12:08 - 000039263 _____ C:\Users\Quan\Downloads\ja.mdp
2018-07-21 21:24 - 2018-07-21 21:25 - 000039828 _____ C:\Users\Quan\Downloads\Addition.txt
2018-07-21 21:22 - 2018-07-21 21:25 - 000039733 _____ C:\Users\Quan\Downloads\FRST.txt
2018-07-21 21:21 - 2018-07-22 19:00 - 000000000 ____D C:\Users\Quan\Downloads\FRST-OlderVersion
2018-07-21 21:21 - 2018-07-22 19:00 - 000000000 ____D C:\FRST
2018-07-21 21:20 - 2018-07-21 21:21 - 001773056 _____ (Farbar) C:\Users\Quan\Downloads\FRST.exe
2018-07-21 21:20 - 2018-07-21 21:20 - 001753600 _____ (Farbar) C:\Users\Quan\Desktop\FRST.exe
2018-07-21 19:48 - 2018-07-22 15:55 - 000000000 ____D C:\Users\Quan\AppData\LocalLow\uTorrent
2018-07-20 13:48 - 2018-07-22 15:55 - 000001332 _____ C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReadingModeWatchDogShortcut.lnk
2018-07-20 12:41 - 2018-07-20 12:41 - 000001897 _____ C:\Users\Quan\Downloads\niche_a_genetics_survival_game_wings_and_whale-hi2u.torrent
2018-07-20 12:38 - 2018-07-20 12:38 - 000000341 _____ C:\Users\Quan\Downloads\niche_a_genetics_survival_game_wings_and_whale-hi2u_PQ4ST0.torrent
2018-07-20 12:19 - 2018-07-20 12:25 - 633474551 _____ C:\Users\Quan\Downloads\niche (1).rar
2018-07-20 11:37 - 2018-07-20 12:48 - 000000000 ____D C:\Program Files\Niche a genetics survival game
2018-07-20 10:30 - 2018-07-20 12:41 - 000000000 ____D C:\Users\Quan\Downloads\Niche.A.Genetics.Survival.Game.Wings.and.Whale-HI2U
2018-07-20 10:30 - 2018-07-20 10:30 - 000000002 _____ C:\Users\Quan\AppData\Local\imw.ini
2018-07-20 10:24 - 2018-07-22 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-07-20 10:24 - 2018-07-22 15:54 - 000000000 ____D C:\ProgramData\Lavasoft
2018-07-20 10:24 - 2018-07-22 15:54 - 000000000 ____D C:\Program Files\Lavasoft
2018-07-20 10:24 - 2018-07-22 14:38 - 000000000 ____D C:\Users\Quan\AppData\Roaming\Lavasoft
2018-07-20 10:24 - 2018-07-20 10:24 - 000002681 _____ C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-07-20 10:24 - 2018-07-20 10:24 - 000000000 ____D C:\Users\Quan\AppData\Local\Lavasoft
2018-07-20 10:23 - 2018-07-22 19:01 - 000000000 ____D C:\Users\Quan\AppData\Roaming\uTorrent
2018-07-19 20:20 - 2018-07-19 20:20 - 000001277 _____ C:\Users\Public\Desktop\MediBang Paint Pro.lnk
2018-07-19 20:20 - 2018-07-19 20:20 - 000000000 ____D C:\Users\Quan\AppData\Local\Medibang
2018-07-19 20:20 - 2018-07-19 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medibang
2018-07-19 20:20 - 2018-07-18 16:48 - 000600272 _____ C:\WINDOWS\system32\MdpThumb32.dll
2018-07-19 20:19 - 2018-07-19 20:19 - 000000000 ____D C:\Program Files\Medibang
2018-07-19 20:18 - 2018-07-19 20:19 - 035660816 _____ (Medibang ) C:\Users\Quan\Downloads\MediBangPaintProSetup-17.0-32bit.exe
2018-07-18 19:20 - 2018-07-18 19:20 - 000150224 _____ C:\WINDOWS\Minidump\071818-28046-01.dmp
2018-07-18 12:59 - 2018-07-18 13:00 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-07-18 12:56 - 2018-07-18 12:56 - 000000000 ____D C:\Program Files\Common Files\Java
2018-07-13 08:53 - 2018-07-14 08:49 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-07-10 17:59 - 2018-07-10 17:59 - 000000000 ____D C:\Users\Quan\AppData\Roaming\Python
2018-07-10 17:58 - 2018-07-13 11:34 - 000000000 ____D C:\Users\Quan\AppData\Roaming\NexonLauncher
2018-07-10 17:58 - 2018-07-10 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2018-07-10 17:58 - 2018-07-10 17:58 - 000000000 ____D C:\Program Files\Nexon
2018-07-10 09:41 - 2018-07-21 17:42 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-09 17:31 - 2018-07-09 17:32 - 000000000 ___HD C:\$WINDOWS.~BT
2018-07-05 11:00 - 2018-07-05 11:00 - 000000000 ____D C:\Users\Quan\AppData\Local\Bluestacks
2018-06-29 13:19 - 2018-06-29 13:19 - 000000000 ____D C:\Users\Quan\AppData\Roaming\SYSTEMAX Software Development
2018-06-29 13:19 - 2018-06-29 13:19 - 000000000 ____D C:\ProgramData\SYSTEMAX Software Development
2018-06-29 13:18 - 2018-06-29 13:18 - 000000622 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2018-06-24 17:17 - 2018-06-24 17:18 - 000000000 ____D C:\AdwCleaner
2018-06-24 17:16 - 2018-07-22 09:21 - 000002091 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-24 17:16 - 2018-07-10 09:40 - 000129248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2018-06-24 17:16 - 2018-06-24 17:17 - 007372496 _____ (Malwarebytes) C:\Users\Quan\Downloads\adwcleaner_7.2.0.exe
2018-06-24 17:16 - 2018-06-24 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-24 17:16 - 2018-06-24 17:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-24 17:16 - 2018-06-24 17:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-22 16:06 - 2018-06-22 16:06 - 000000000 ____D C:\Users\Quan\AppData\Roaming\com.lunime.gachaversepc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-22 18:51 - 2015-11-04 14:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-22 16:51 - 2015-07-10 04:28 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-22 15:55 - 2015-11-05 09:59 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-07-22 15:55 - 2015-11-04 15:57 - 000000000 __SHD C:\Users\Quan\IntelGraphicsProfiles
2018-07-22 15:54 - 2015-07-20 19:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-22 15:54 - 2015-07-10 02:59 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2018-07-21 21:15 - 2015-07-10 04:28 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-21 21:15 - 2014-01-08 20:34 - 000000000 ____D C:\Users\Quan\AppData\Local\Packages
2018-07-21 17:34 - 2015-11-04 14:41 - 000000000 ____D C:\Users\Quan
2018-07-20 13:57 - 2015-07-10 04:27 - 000000000 ____D C:\WINDOWS\INF
2018-07-20 12:10 - 2017-12-01 20:55 - 000000000 ____D C:\Users\Quan\Desktop\Kylan
2018-07-20 11:57 - 2014-01-08 20:36 - 000000000 __RDO C:\Users\Quan\SkyDrive
2018-07-19 19:55 - 2015-07-10 04:28 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-19 08:50 - 2015-11-04 17:49 - 000002358 _____ C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-18 19:20 - 2015-11-05 09:58 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-18 13:00 - 2014-04-23 15:51 - 000000000 ____D C:\Program Files\Java
2018-07-18 12:59 - 2014-07-21 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 12:53 - 2014-07-21 14:44 - 000096632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2018-07-16 18:02 - 2014-01-09 20:41 - 000480888 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-10 18:31 - 2014-01-10 13:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 18:03 - 2014-01-10 13:34 - 131626216 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 16:17 - 2015-07-10 04:28 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-09 17:31 - 2018-05-25 07:53 - 000000000 __SHD C:\OSRSS
2018-07-09 17:31 - 2017-12-17 09:57 - 000000000 ____D C:\WINDOWS\Panther
2018-06-27 12:02 - 2018-01-23 21:50 - 000105952 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-06-26 16:17 - 2014-01-08 21:43 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-24 17:08 - 2018-02-11 20:52 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== Files in the root of some directories =======

2015-07-10 04:25 - 2015-07-10 04:25 - 000058368 ____N (Microsoft Corporation) C:\Users\Quan\MiiniNBAeH.exe
2015-07-10 04:25 - 2015-07-10 04:25 - 000180736 ____N (Microsoft Corporation) C:\Users\Quan\AppData\Roaming\AnEB.exe
2015-07-10 04:25 - 2015-07-10 04:25 - 000058368 ____N (Microsoft Corporation) C:\Users\Quan\AppData\Roaming\zbEIkooQJeZ.exe
2018-07-20 10:30 - 2018-07-20 10:30 - 000000002 _____ () C:\Users\Quan\AppData\Local\imw.ini

Some files in TEMP:
====================
2018-05-03 17:55 - 2018-05-03 17:55 - 000007224 _____ () C:\Users\Quan\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2018-02-01 08:54 - 2018-02-01 08:54 - 000290304 _____ (Microsoft Corporation) C:\Users\Quan\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2018-07-22 12:10 - 2016-10-25 04:11 - 001537112 _____ (Microsoft Corporation) C:\Users\Quan\AppData\Local\Temp\dllnt_dump.dll
2017-09-08 12:04 - 2017-09-08 12:04 - 001856576 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-12-19 23:57 - 2017-12-19 23:57 - 001864256 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-05-01 17:11 - 2018-05-01 17:11 - 001884616 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-07-18 12:49 - 2018-07-18 12:49 - 001906040 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-07-20 10:24 - 2018-07-20 10:24 - 000355224 _____ (Lavasoft) C:\Users\Quan\AppData\Local\Temp\offer-FB4BFE09-89FC-4F4D-B3CD-D0B093DEF7816.exe
2018-05-28 16:42 - 2017-11-27 04:50 - 002458736 _____ () C:\Users\Quan\AppData\Local\Temp\Uninstall.exe
2018-07-21 09:07 - 2018-07-22 09:24 - 000958776 _____ (adaware) C:\Users\Quan\AppData\Local\Temp\WCU009.exe
2016-10-18 12:38 - 2018-01-25 21:21 - 006242320 _____ (Microsoft Corporation) C:\Users\Quan\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-04 14:35

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Quan (22-07-2018 19:02:42)
Running from C:\Users\Quan\Downloads\FRST-OlderVersion
Microsoft Windows 10 Home 10240.17202 (X86) (2015-11-04 19:57:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-48903865-4041566842-226505006-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-48903865-4041566842-226505006-503 - Limited - Disabled)
Guest (S-1-5-21-48903865-4041566842-226505006-501 - Limited - Disabled)
Quan (S-1-5-21-48903865-4041566842-226505006-1001 - Administrator - Enabled) => C:\Users\Quan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 1.0.2 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Reading Mode (HKLM\...\{47CE1F58-C6AB-4316-BFA1-1D64CCE674B1}) (Version: 1.0.1 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
Med_Term_QandC (HKLM\...\{E43AB9AE-C27C-4509-F17B-A81D07718D98}) (Version: 1.0 - UNKNOWN)
MediBang Paint Pro 17.0 (32-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 17.0 - Medibang)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5031.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nexon Launcher (HKLM\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version: - )
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9400.4028 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.27.0 - Adlice Software)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
UpdateAssistant (HKLM\...\{82C4F331-0AF5-4BDA-AA1B-A2182789FEBA}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{8AE27BD2-CECE-4DA0-BA9F-C9535E622689}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
Web Companion (HKLM\...\{f9124e31-5a6d-4c9c-81da-5ccd6494697a}) (Version: 4.3.1865.3518 - Lavasoft)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (08/06/2015 8.0.0.19) (HKLM\...\149F37A1996406108DA0EB71D7EBC48895119059) (Version: 08/06/2015 8.0.0.19 - ASUS)
Windows Setup Remediations (x86) (KB4023057) (HKLM\...\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb) (Version: - )
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-48903865-4041566842-226505006-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Quan\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-48903865-4041566842-226505006-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-05] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B522455-FA79-470D-9911-72A0012EAB23} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {14A4C36B-D859-44E8-8689-5A63A8049A5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {25A7CA08-BD8C-49B8-A99E-0EA2A79D26C4} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-10-14] (ASUSTek Computer INC.)
Task: {44D7644E-7556-44BA-9BB3-961D09203FD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DB86A88-B7AB-4B33-B512-F90222287C0A} - System32\Tasks\Asus Reading Mode => C:\Program Files\ASUS\ASUS Reading Mode\ReadingModeWatchDogx86.exe [2013-08-26] ()
Task: {5BAF4D51-D5BB-4FEE-B94D-01CFBBE1E69F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D7BD0D3-2B1B-4BE8-BFD9-FE2FD7DD735D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {661A2FBE-3BC8-43F5-9D6C-C82F916D75B9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {70015984-574C-4149-8796-37EC6306F9A5} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe [2018-04-07] (Microsoft Corporation)
Task: {7EE74B3B-100A-4C37-8F8E-CBE4E16A4295} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {81C1E26B-96F1-45B6-A1F4-AFD44FB79110} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8723724A-786E-4344-ADA5-1973FA70CF49} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {882A8DAE-7414-4F9A-9E65-5F7FAF92B8FE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-27] (AsusTek)
Task: {8A4F75EE-25F1-43DA-88A0-EE2631FC0AA8} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {8F10F4DA-69B5-45BC-B819-A434E203B83D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {96167C29-A5BC-4BDA-94DE-066F41F51FAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {99FBC4AF-9D9B-4828-8D4F-F3BC6981C807} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9A464781-2051-4282-B39C-4DA5501A0AB5} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {A3C438EA-443B-4CAE-9D6C-C707E6B25906} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {ACDDC380-4236-4D41-A555-51BF3F82403E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B02A304F-7F5C-4187-B9CD-3583855882D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8D42387-499E-4D45-BEF0-1FA9995110EC} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {BB82E66E-BF4F-444C-8D26-E1BB9AD2F267} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {C38F2A60-1325-4DF6-9A1C-037DE60CF016} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C8A9F023-4E6B-45DB-ADE0-4D75B947D010} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFE98C95-34A7-469D-AE53-FCC1B3F53889} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {ED10F6FE-706B-4E92-8C1B-7264CF72B417} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {F97C0010-0E49-40F4-84BB-F8BA83460D95} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {FC932216-D72C-4863-9B95-9BB88F754E40} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FFE16032-2E3C-4233-AF54-9C53AA6D81A2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 4 - OA, OP\assigned readings\Calcium Calculator™ _ BC Dairy Association.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://bcdairy.ca/nutritioneducation/calciumcalculator/
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 3 - diabetes\resources\Basic Meal Planning _ Canadian Diabetes Association.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.diabetes.ca/diabetes-and-you/healthy-living-resources/diet-nutrition/basic-meal-planning
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 3 - diabetes\resources\CDA Clinical Practice Guidelines - Patient Resources.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://guidelines.diabetes.ca/PatientResources
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM206-MTM 3\Lab\Lab 3 - diabetes\resources\Guidelines for Minor Ailment Prescribing - University of Saskatchewan.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.medsask.usask.ca/professional/guidelines/index.php
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM204\Lectures\Canadian Stroke Best Practice Recommendations.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.strokebestpractices.ca/
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\summer 2015 folder\PHM203\Workshops\Workshop 1 - meningitis\literature\CARA_ Canadian Antimicrobial Resistance Alliance.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.can-r.com/study.php?study=antb2013
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\2016-Year 2-Second Semester\previous year\PHM204\Lectures\Canadian Stroke Best Practice Recommendations.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.strokebestpractices.ca/
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\2016-Year 2-Second Semester\previous year\PHM203\Workshops\Workshop 1 - meningitis\literature\CARA_ Canadian Antimicrobial Resistance Alliance.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.can-r.com/study.php?study=antb2013
ShortcutWithArgument: C:\Users\Quan\Dropbox (Old)\2016-Year 2-Second Semester\PHM206-MTM 3\labs\lab 3-OA-OP-pain\previous ones\assigned readings\Calcium Calculator™ _ BC Dairy Association.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://bcdairy.ca/nutritioneducation/calciumcalculator/
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sumo Paint.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=mlfedaecajcncfkjfllofcfcjfhiopim
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\WOLFY1000 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Quan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ebd56dad7f13a36\Skype.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lifbcibllhkdhoafpjfnlhfpfgnpldfl

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 04:24 - 2015-07-10 04:24 - 000022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-09 23:57 - 2015-09-09 23:57 - 000025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 04:25 - 2015-07-10 04:25 - 000007680 _____ () C:\Windows\System32\WppRecorderUM.dll
2016-11-11 10:21 - 2016-10-25 02:17 - 000301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-04-11 22:15 - 2017-01-17 02:17 - 000090304 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2018-06-24 17:16 - 2018-07-10 09:40 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-12-31 16:37 - 2016-11-19 04:52 - 001766496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-08-26 14:53 - 2013-08-26 14:53 - 000056320 _____ () C:\Program Files\ASUS\ASUS Reading Mode\ReadingModeWatchDogx86.exe
2013-08-26 14:53 - 2013-08-26 14:53 - 000394752 _____ () C:\Program Files\ASUS\ASUS Reading Mode\CCTReaderMode.dll
2013-08-26 14:53 - 2013-08-26 14:53 - 000113152 _____ () C:\Program Files\ASUS\ASUS Reading Mode\AppVisibilityNotifyLib_x86.dll
2015-01-04 14:41 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2018-03-28 08:44 - 2018-03-28 08:44 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2018-06-26 16:17 - 2018-06-22 15:04 - 003867480 _____ () C:\Program Files\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 16:17 - 2018-06-22 15:04 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-19 20:19 - 2018-07-18 16:48 - 009557712 _____ () C:\Program Files\Medibang\MediBang Paint Pro\MediBangPaintPro.exe
2016-05-03 21:28 - 2016-05-03 21:28 - 006383616 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-07-20 12:32 - 2018-07-20 12:32 - 000015872 _____ () C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x86__mkdtfchztkfbm\opener-rar.exe
2018-07-20 12:32 - 2018-07-20 12:32 - 003616256 _____ () C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x86__mkdtfchztkfbm\opener-rar.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaiospi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 02:13 - 2018-02-05 09:14 - 000000883 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-48903865-4041566842-226505006-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Quan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ASUSPRP"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{220A3A1F-A30E-400B-B444-93CBE0F617D4}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{44A1B72B-F029-447A-A3A3-3CC4F6FE2DE5}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Block) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [TCP Query User{D834CBDE-5F3E-4B9C-B404-472C04A53D42}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Block) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [TCP Query User{16D8F28E-9DDF-4431-A8D3-DE40ED7E89D7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D7E0C4AA-6476-4EDE-BD92-BF601E75C22C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2914E633-6DC3-4079-9727-B0F72A694100}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D4A283F8-8389-4C39-9FE6-7394C3AA51D8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [{879AC395-DD4D-4E56-B7AC-37AF5C8BA32F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{FDB2053A-4DC8-4B4B-A37B-92CC2ED9EA42}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88397693-2331-48EC-A6C9-9365D0E95E95}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73F4F95E-3AED-4D27-9735-A38838F5F4C2}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE5E3A53-4A15-436E-93C4-F916A462B266}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AA323F2-7079-45B7-A62E-875AE38E3DFB}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{762EBE2B-9C15-4ABC-B9C2-755D7915949E}] => (Allow) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71008269-8E71-4794-AF4A-05B0C6BAB563}] => (Allow) C:\WINDOWS\system32\msiexec.exe
FirewallRules: [{8FBBDBBC-2B20-43D8-A403-B631F1A1C256}] => (Allow) C:\Users\Quan\MiiniNBAeH.exe
FirewallRules: [{B5C3B04A-6065-466B-8FDB-9DD6F429FA92}] => (Allow) C:\Users\Quan\AppData\Roaming\zbEIkooQJeZ.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2018 07:00:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: QZHENG168)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147221165 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/22/2018 05:30:49 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6076) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (07/22/2018 05:30:49 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6076) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2018 05:30:39 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6076) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (07/22/2018 05:30:39 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6076) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2018 05:30:28 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6076) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (07/22/2018 05:30:28 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6076) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2018 05:30:18 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6076) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


System errors:
=============
Error: (07/22/2018 06:54:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (07/22/2018 06:45:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.

Error: (07/22/2018 06:43:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.

Error: (07/22/2018 06:28:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.

Error: (07/22/2018 06:18:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrYNSvc service.

Error: (07/22/2018 06:10:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (07/22/2018 05:39:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (07/22/2018 05:30:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-07-19 21:54:05.072
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {603FD5E5-BD0F-4672-B561-AD8B82D4AC21}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-17 22:32:31.803
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6B1801B7-1516-49E1-8F61-C8A7E8EC4CAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-16 21:30:16.498
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {66B39E0C-A816-4C93-990A-5A5BA5E6DE17}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-13 22:26:06.390
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {03CD4BCF-A329-4F0B-AD74-6419C50EC091}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-13 18:38:41.398
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {213D811C-74FF-42B1-8856-211AFC0EDCD1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-17 09:51:00.476
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1363.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-06-17 09:51:00.475
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1363.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-21 13:30:26.751
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1212.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80070714
Error description: The specified image file did not contain a resource section.

Date: 2018-05-21 13:30:26.741
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1212.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80070714
Error description: The specified image file did not contain a resource section.

Date: 2018-05-21 13:30:22.653
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80070714
Error description: The specified image file did not contain a resource section.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 84%
Total physical RAM: 1933.16 MB
Available physical RAM: 301.98 MB
Total Virtual: 3866.31 MB
Available Virtual: 1339.74 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.21 GB) (Free:2.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:29.81 GB) (Free:6.19 GB) FAT32

\\?\Volume{3187bda6-72f5-433e-b695-629fed78702f}\ (Recovery) (Fixed) (Total:0.68 GB) (Free:0.31 GB) NTFS
\\?\Volume{3f6e9275-df6c-41c3-b517-b882603c962c}\ (Restore) (Fixed) (Total:7.03 GB) (Free:1.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: E5991876)

Partition: GPT.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 5ADA625F)

Partition: GPT.

========================================================
Disk: 2 (Protective MBR) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachment: fixlist.txt (3.4 KB)
Yes, wherever you have the FRST file you have to put "fixlist". Otherwise it won't work.
 
I got a message saying this
The following error occurred:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
 