Solved I can’t open antivirus or any website related to it for windows

Shadoewolf

I keep trying to open the antivirus (Malwarebytes), but it opens for a second and then the window disappears. When I search for anything related to an antivirus, my Chrome crashes, and random websites also appear in the tabs.
When I go to a website that has a virus scan, it crashes Chrome on the laptop.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to a USB flash drive.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer, on the GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 10 and you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt. To access Advanced Boot Options, start and shut down the computer TWICE. On the third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/21/18
Scan Time: 7:53 PM
Log File: 391b6af6-8d41-11e8-8d50-d850e6ed566d.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6003
License: Expired

-System Information-
OS: Windows 10 (Build 10240.17202)
CPU: x86
File System: NTFS
User: QZHENG168\Quan

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 224624
Threats Detected: 54
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
PUP.Optional.WinThruster, HKLM\SOFTWARE\CLASSES\CLSID\{D7C6C53B-C335-417f-ABB8-F5A157F92EA0}, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, HKLM\SOFTWARE\CLASSES\IsLicense50.IsLicenseMgr, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, HKLM\SOFTWARE\CLASSES\IsLicense50.IsLicenseMgr.1, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, HKLM\SOFTWARE\CLASSES\TYPELIB\{8D732308-066E-4E85-9D5C-4410EB6BFDBC}, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, HKLM\SOFTWARE\CLASSES\INTERFACE\{3C4ABAB8-F6D3-4BC3-922D-43715A228CC2}, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, HKLM\SOFTWARE\CLASSES\CLSID\{D7C6C53B-C335-417f-ABB8-F5A157F92EA0}\InprocServer32, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WinThruster_is1, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [220], [236865],1.0.6003
PUP.Optional.Conduit, HKU\S-1-5-21-48903865-4041566842-226505006-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [220], [236865],1.0.6003

Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-48903865-4041566842-226505006-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [220], [236865],1.0.6003
PUP.Optional.Conduit, HKU\S-1-5-21-48903865-4041566842-226505006-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, [220], [236865],1.0.6003

Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-48903865-4041566842-226505006-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [220], [293058],1.0.6003

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.WinThruster, C:\PROGRAM FILES\WINTHRUSTER, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINTHRUSTER, No Action By User, [1453], [182299],1.0.6003

File: 40
PUP.Optional.WinThruster, C:\USERS\PUBLIC\DESKTOP\WINTHRUSTER.LNK, No Action By User, [1453], [260282],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_no.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\help.ico, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\IsLicense50.dll, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_ar.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_br.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_cs.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_da.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_de.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_el.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_en.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_es.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_fi.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_fr.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_hu.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_it.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_ja.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_ko.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_nl.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_pl.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_pt-br.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_pt.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_ro.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\local_ru.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_sv.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_tr.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_zh-cn.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Local_zh-tw.xml, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\PerformanceMonitor.exe, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\Post _Scan_Notification_English.wav, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.dat, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.exe, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.msg, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\WinThruster.exe, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\Program Files\WinThruster\WinThruster.ini, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\WinThruster.lnk, No Action By User, [1453], [182298],1.0.6003
PUP.Optional.WinThruster, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster\Uninstall WinThruster.lnk, No Action By User, [1453], [182299],1.0.6003
PUP.Optional.WinThruster, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster\WinThruster.lnk, No Action By User, [1453], [182299],1.0.6003
PUP.Optional.WinThruster, C:\USERS\QUAN\DOWNLOADS\SETUP_WINTHRUSTER_2018.EXE, No Action By User, [1453], [461226],1.0.6003

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/21/18
Scan Time: 8:39 PM
Log File: b27e9a70-8d47-11e8-afdc-d850e6ed566d.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6005
License: Expired

-System Information-
OS: Windows 10 (Build 10240.17202)
CPU: x86
File System: NTFS


-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 224754
Threats Detected: 16
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
Trojan.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{90B0B13C-B698-461F-12C1-6371E010A425}, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A8854D-86D9-460E-9ACE-B456554E6EC7}, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21A8854D-86D9-460E-9ACE-B456554E6EC7}, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C4B4B425-1E59-077D-67F7-1328CABBA13B}, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C10482F3-5A54-4D61-A1BF-ED6C063A39E0}, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C10482F3-5A54-4D61-A1BF-ED6C063A39E0}, No Action By User, [14170], [-1],0.0.0

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 10
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{90B0B13C-B698-461F-12C1-6371E010A425}, No Action By User, [14170], [543858],1.0.6005
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, No Action By User, [14170], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{C4B4B425-1E59-077D-67F7-1328CABBA13B}, No Action By User, [14170], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
...and don't post multiple logs. Because you're a new member your posts with logs have to be approved.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by Quan (administrator) on QZHENG168 (21-07-2018 21:22:07)
Running from C:\Users\Quan\Downloads
Loaded Profiles: Quan (Available Profiles: Quan)
Platform: Microsoft Windows 10 Home 10240.17202 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\ASUS\ASUS Reading Mode\ReadingModeWatchDogx86.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(BitTorrent Inc.) C:\Users\Quan\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(BitTorrent Inc.) C:\Users\Quan\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Nexon America) C:\Program Files\Nexon\Nexon Launcher\nexon_runtime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Nexon America Inc.) C:\Program Files\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Nexon America Inc.) C:\Program Files\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe
(Nexon America Inc.) C:\Program Files\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe
(Nexon America Inc.) C:\Program Files\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-31] (Intel Corporation)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-09-05] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2653912 2013-07-16] (Realtek Semiconductor)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\Run: [GoogleChromeAutoLaunch_C9B322562CECB97BE12471C4C78F3635] => C:\Program Files\Google\Chrome\Application\chrome.exe [1458008 2018-06-22] (Google Inc.)
HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\Run: [4399GameHall] => C:\Users\Quan\AppData\Local\4399\4399GameHall\4399GameHall.exe
HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\Run: [uTorrent] => C:\Users\Quan\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-07-20] (BitTorrent Inc.)
HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7717480 2018-07-20] (Lavasoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2018-07-10]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cf5a1fd-95b7-41c8-bf4f-66aaad4bcf83}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40a6eca6-797a-43d6-94b7-d2f9655a7ec3}: [DhcpNameServer] 13.6.0.99
Tcpip\..\Interfaces\{f92562d8-a64b-4ba8-bdbf-5a6db852a0ca}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-48903865-4041566842-226505006-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-48903865-4041566842-226505006-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-03-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-48903865-4041566842-226505006-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Quan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2018-05-12] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default [2018-07-21]
CHR Extension: (Google Translate) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-05-06]
CHR Extension: (Docs) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Skype Calling) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-06]
CHR Extension: (YouTube) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Honey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-07-15]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-06-08]
CHR Extension: (Google Search) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tampermonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (ScriptMonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-07-20]
CHR Extension: (Skype) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Google Drawings) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-12-17]
CHR Extension: (Google Hangouts) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-05-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-06-30]
CHR Extension: (Slides) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (PaperCut Software) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2017-12-01]
CHR Extension: (Docs) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Aww) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ceojjgdcmdmcpiplcnbbbjfgplhledhj [2017-12-01]
CHR Extension: (Tampermonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-07-20]
CHR Extension: (Sheets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Polarr Photo Editor Extension) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhggacdeldojnpbgknpipalghlkbcimk [2018-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-01]
CHR Extension: (Nyoogle - Custom Logo for Google) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ginfoagmgomhccdaclfbbbhfjgmphkph [2017-12-01]
CHR Extension: (Prodigy Math Game) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-12-01]
CHR Extension: (Pixlr Editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-12-01]
CHR Extension: (G Suite Training) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2018-05-17]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2018-06-09]
CHR Extension: (ScriptMonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-07-20]
CHR Extension: (Game Emulator Extension) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ldjojcoddnmdmhmannginfnebckohcac [2018-05-17]
CHR Extension: (SketchUp for Schools) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfhlekccjamfkfmjgnpbdjpecanfbjkl [2018-03-28]
CHR Extension: (Skype) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Google Classroom) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2017-12-01]
CHR Extension: (Browser Pets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mhgallfjacflgalnbpcpmnfibodgbdkc [2018-03-28]
CHR Extension: (Google Drawings) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-12-01]
CHR Extension: (Sumopaint - Online Image Editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlfedaecajcncfkjfllofcfcjfhiopim [2018-06-18]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-06-18]
CHR Extension: (Animate Images) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlkcmaaodnfcjhadligkpdlgkpkjneni [2017-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Flat for Education - Music notation editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nomkpimaohgaamiipecibpchogmfhgba [2017-12-01]
CHR Extension: (Gmail) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Extension: (Snapverter) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2017-12-01]
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-03-17]
CHR Extension: (Slides) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (PaperCut Software) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2017-12-01]
CHR Extension: (Docs) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Aww) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ceojjgdcmdmcpiplcnbbbjfgplhledhj [2017-12-01]
CHR Extension: (Tampermonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-07-20]
CHR Extension: (Sheets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Polarr Plugin: Edit Any Photo on the Internet) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fhggacdeldojnpbgknpipalghlkbcimk [2017-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
CHR Extension: (Nyoogle - Custom Logo for Google) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ginfoagmgomhccdaclfbbbhfjgmphkph [2017-12-01]
CHR Extension: (Prodigy Math Game) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-12-01]
CHR Extension: (Pixlr Editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-12-01]
CHR Extension: (G Suite Training) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2017-12-17]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2017-12-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-01-16]
CHR Extension: (Adorable Hamster Pet) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\khmhiilheedbaffkfhjjodneogdaehfa [2017-12-01]
CHR Extension: (ScriptMonkey) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-07-20]
CHR Extension: (Skype) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Google Classroom) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2017-12-01]
CHR Extension: (Browser Pets) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhgallfjacflgalnbpcpmnfibodgbdkc [2017-12-01]
CHR Extension: (Google Drawings) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-12-01]
CHR Extension: (Sumo Paint) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mlfedaecajcncfkjfllofcfcjfhiopim [2017-12-01]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-01-13]
CHR Extension: (Animate Images) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlkcmaaodnfcjhadligkpdlgkpkjneni [2017-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-01]
CHR Extension: (Flat for Education - Music notation editor) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nomkpimaohgaamiipecibpchogmfhgba [2017-12-01]
CHR Extension: (Gmail) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-15]
CHR Extension: (Snapverter) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2017-12-01]
CHR Extension: (Wolf Theme) - C:\Users\Quan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnncgdlhhlohgiokcchmaodpmbpcopai [2017-12-01]
CHR Profile: C:\Users\Quan\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2015-04-09] (Broadcom Corporation.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2054360 2017-12-12] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-11-05] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83384 2014-12-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [97208 2014-12-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90552 2014-12-31] (Intel Corporation)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283568 2015-11-05] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-07-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-11-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [64312 2013-09-04] (ASUS Corporation)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [119784 2015-08-27] (ASUS Corporation)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2013-10-16] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23040 2015-07-10] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-09] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-09] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [334848 2013-08-22] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [25040 2015-07-08] (Capella Microsystems, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44472 2014-12-31] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25528 2014-12-31] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28088 2014-12-31] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36280 2014-12-31] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80824 2014-12-31] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [182200 2014-12-31] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [17408 2013-08-21] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-13] (ASUS)
S3 iaiospi; C:\WINDOWS\System32\drivers\iaiospi.sys [50688 2013-08-23] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [88064 2013-08-21] (Intel Corporation)
S3 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44096 2015-07-20] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [242176 2013-08-26] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35392 2015-07-20] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [220896 2018-07-21] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-08-21] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38400 2013-08-22] (Intel Corporation)
S3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [46592 2013-08-21] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [263936 2015-05-21] (Realtek Semiconductor Corp.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2017-10-10] (The OpenVPN Project)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [76304 2013-08-03] (Intel Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-21 21:22 - 2018-07-21 21:22 - 000029274 _____ C:\Users\Quan\Downloads\FRST.txt
2018-07-21 21:21 - 2018-07-21 21:22 - 000000000 ____D C:\FRST
2018-07-21 21:21 - 2018-07-21 21:21 - 000000000 ____D C:\Users\Quan\Downloads\FRST-OlderVersion
2018-07-21 21:20 - 2018-07-21 21:21 - 001773056 _____ (Farbar) C:\Users\Quan\Downloads\FRST.exe
2018-07-21 19:57 - 2018-07-21 19:57 - 000016148 _____ C:\WINDOWS\system32\QZHENG168_Quan_HistoryPrediction.bin
2018-07-21 19:48 - 2018-07-21 19:48 - 000000000 ____D C:\Users\Quan\AppData\LocalLow\uTorrent
2018-07-20 13:48 - 2018-07-21 19:49 - 000001332 _____ C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReadingModeWatchDogShortcut.lnk
2018-07-20 12:41 - 2018-07-20 12:41 - 000001897 _____ C:\Users\Quan\Downloads\niche_a_genetics_survival_game_wings_and_whale-hi2u.torrent
2018-07-20 12:38 - 2018-07-20 12:38 - 000000341 _____ C:\Users\Quan\Downloads\niche_a_genetics_survival_game_wings_and_whale-hi2u_PQ4ST0.torrent
2018-07-20 12:19 - 2018-07-20 12:25 - 633474551 _____ C:\Users\Quan\Downloads\niche (1).rar
2018-07-20 11:37 - 2018-07-20 12:48 - 000000000 ____D C:\Program Files\Niche a genetics survival game
2018-07-20 11:25 - 2018-07-20 11:25 - 000000000 ____D C:\Users\Quan\AppData\Roaming\WinThruster
2018-07-20 10:30 - 2018-07-20 12:41 - 000000000 ____D C:\Users\Quan\Downloads\Niche.A.Genetics.Survival.Game.Wings.and.Whale-HI2U
2018-07-20 10:30 - 2018-07-20 10:30 - 000000002 _____ C:\Users\Quan\AppData\Local\imw.ini
2018-07-20 10:24 - 2018-07-20 10:24 - 000002681 _____ C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-07-20 10:24 - 2018-07-20 10:24 - 000000000 ____D C:\Users\Quan\AppData\Roaming\Lavasoft
2018-07-20 10:24 - 2018-07-20 10:24 - 000000000 ____D C:\Users\Quan\AppData\Local\Lavasoft
2018-07-20 10:24 - 2018-07-20 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-07-20 10:24 - 2018-07-20 10:24 - 000000000 ____D C:\ProgramData\Lavasoft
2018-07-20 10:24 - 2018-07-20 10:24 - 000000000 ____D C:\Program Files\Lavasoft
2018-07-20 10:23 - 2018-07-21 21:19 - 000000000 ____D C:\Users\Quan\AppData\Roaming\uTorrent
2018-07-19 20:20 - 2018-07-19 20:20 - 000001277 _____ C:\Users\Public\Desktop\MediBang Paint Pro.lnk
2018-07-19 20:20 - 2018-07-19 20:20 - 000000000 ____D C:\Users\Quan\AppData\Local\Medibang
2018-07-19 20:20 - 2018-07-19 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medibang
2018-07-19 20:20 - 2018-07-18 16:48 - 000600272 _____ C:\WINDOWS\system32\MdpThumb32.dll
2018-07-19 20:19 - 2018-07-19 20:19 - 000000000 ____D C:\Program Files\Medibang
2018-07-19 20:18 - 2018-07-19 20:19 - 035660816 _____ (Medibang ) C:\Users\Quan\Downloads\MediBangPaintProSetup-17.0-32bit.exe
2018-07-18 19:20 - 2018-07-18 19:20 - 000150224 _____ C:\WINDOWS\Minidump\071818-28046-01.dmp
2018-07-18 12:59 - 2018-07-18 13:00 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-07-18 12:56 - 2018-07-18 12:56 - 000000000 ____D C:\Program Files\Common Files\Java
2018-07-13 08:53 - 2018-07-14 08:49 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-07-10 17:59 - 2018-07-10 17:59 - 000000000 ____D C:\Users\Quan\AppData\Roaming\Python
2018-07-10 17:58 - 2018-07-13 11:34 - 000000000 ____D C:\Users\Quan\AppData\Roaming\NexonLauncher
2018-07-10 17:58 - 2018-07-10 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2018-07-10 17:58 - 2018-07-10 17:58 - 000000000 ____D C:\Program Files\Nexon
2018-07-10 17:58 - 2018-07-10 17:58 - 000000000 _____ C:\end
2018-07-10 09:41 - 2018-07-21 17:42 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-09 17:31 - 2018-07-09 17:32 - 000000000 ___HD C:\$WINDOWS.~BT
2018-07-05 11:00 - 2018-07-05 11:00 - 000000000 ____D C:\Users\Quan\AppData\Local\Bluestacks
2018-06-29 13:19 - 2018-06-29 13:19 - 000000000 ____D C:\Users\Quan\AppData\Roaming\SYSTEMAX Software Development
2018-06-29 13:19 - 2018-06-29 13:19 - 000000000 ____D C:\ProgramData\SYSTEMAX Software Development
2018-06-29 13:18 - 2018-06-29 13:18 - 000000622 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2018-06-24 17:17 - 2018-06-24 17:18 - 000000000 ____D C:\AdwCleaner
2018-06-24 17:16 - 2018-07-10 09:40 - 000129248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2018-06-24 17:16 - 2018-06-24 17:17 - 007372496 _____ (Malwarebytes) C:\Users\Quan\Downloads\adwcleaner_7.2.0.exe
2018-06-24 17:16 - 2018-06-24 17:16 - 000002091 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-24 17:16 - 2018-06-24 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-24 17:16 - 2018-06-24 17:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-24 17:16 - 2018-06-24 17:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-22 16:06 - 2018-06-22 16:06 - 000000000 ____D C:\Users\Quan\AppData\Roaming\com.lunime.gachaversepc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-21 21:15 - 2015-07-10 04:28 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-21 21:15 - 2015-07-10 04:28 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-21 21:15 - 2014-01-08 20:34 - 000000000 ____D C:\Users\Quan\AppData\Local\Packages
2018-07-21 19:49 - 2015-11-05 09:59 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-07-21 19:48 - 2015-11-04 15:57 - 000000000 __SHD C:\Users\Quan\IntelGraphicsProfiles
2018-07-21 17:42 - 2015-07-20 19:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-21 17:41 - 2015-07-10 02:59 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2018-07-21 17:34 - 2015-11-04 14:41 - 000000000 ____D C:\Users\Quan
2018-07-21 17:04 - 2015-11-04 14:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-20 13:57 - 2015-07-10 04:27 - 000000000 ____D C:\WINDOWS\INF
2018-07-20 12:10 - 2017-12-01 20:55 - 000000000 ____D C:\Users\Quan\Desktop\Kylan
2018-07-20 11:57 - 2014-01-08 20:36 - 000000000 __RDO C:\Users\Quan\SkyDrive
2018-07-19 19:55 - 2015-07-10 04:28 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-19 08:50 - 2015-11-04 17:49 - 000002358 _____ C:\Users\Quan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-18 19:20 - 2015-11-05 09:58 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-18 13:00 - 2014-04-23 15:51 - 000000000 ____D C:\Program Files\Java
2018-07-18 12:59 - 2014-07-21 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 12:53 - 2014-07-21 14:44 - 000096632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2018-07-16 18:02 - 2014-01-09 20:41 - 000480888 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-10 18:31 - 2014-01-10 13:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 18:03 - 2014-01-10 13:34 - 131626216 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 16:17 - 2015-07-10 04:28 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-09 17:31 - 2018-05-25 07:53 - 000000000 __SHD C:\OSRSS
2018-07-09 17:31 - 2017-12-17 09:57 - 000000000 ____D C:\WINDOWS\Panther
2018-06-27 12:02 - 2018-01-23 21:50 - 000105952 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-06-26 16:17 - 2014-01-08 21:43 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-24 17:08 - 2018-02-11 20:52 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== Files in the root of some directories =======

2015-07-10 04:25 - 2015-07-10 04:25 - 000058368 ____N (Microsoft Corporation) C:\Users\Quan\MiiniNBAeH.exe
2015-07-10 04:25 - 2015-07-10 04:25 - 000180736 ____N (Microsoft Corporation) C:\Users\Quan\AppData\Roaming\AnEB.exe
2015-07-10 04:25 - 2015-07-10 04:25 - 000058368 ____N (Microsoft Corporation) C:\Users\Quan\AppData\Roaming\zbEIkooQJeZ.exe
2018-07-20 10:30 - 2018-07-20 10:30 - 000000002 _____ () C:\Users\Quan\AppData\Local\imw.ini

Some files in TEMP:
====================
2018-05-03 17:55 - 2018-05-03 17:55 - 000007224 _____ () C:\Users\Quan\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2018-02-01 08:54 - 2018-02-01 08:54 - 000290304 _____ (Microsoft Corporation) C:\Users\Quan\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2017-09-08 12:04 - 2017-09-08 12:04 - 001856576 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-12-19 23:57 - 2017-12-19 23:57 - 001864256 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-05-01 17:11 - 2018-05-01 17:11 - 001884616 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-07-18 12:49 - 2018-07-18 12:49 - 001906040 _____ (Oracle Corporation) C:\Users\Quan\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-07-20 10:24 - 2018-07-20 10:24 - 000355224 _____ (Lavasoft) C:\Users\Quan\AppData\Local\Temp\offer-FB4BFE09-89FC-4F4D-B3CD-D0B093DEF7816.exe
2018-05-28 16:42 - 2017-11-27 04:50 - 002458736 _____ () C:\Users\Quan\AppData\Local\Temp\Uninstall.exe
2018-07-21 09:07 - 2018-07-21 09:08 - 000958776 _____ (adaware) C:\Users\Quan\AppData\Local\Temp\WCU009.exe
2016-10-18 12:38 - 2018-01-25 21:21 - 006242320 _____ (Microsoft Corporation) C:\Users\Quan\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-04 14:35

==================== End of FRST.txt ============================
 
==================== Accounts: =============================

Administrator (S-1-5-21-48903865-4041566842-226505006-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-48903865-4041566842-226505006-503 - Limited - Disabled)
Guest (S-1-5-21-48903865-4041566842-226505006-501 - Limited - Disabled)
Quan (S-1-5-21-48903865-4041566842-226505006-1001 - Administrator - Enabled) => C:\Users\Quan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 1.0.2 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Reading Mode (HKLM\...\{47CE1F58-C6AB-4316-BFA1-1D64CCE674B1}) (Version: 1.0.1 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
Med_Term_QandC (HKLM\...\{E43AB9AE-C27C-4509-F17B-A81D07718D98}) (Version: 1.0 - UNKNOWN)
MediBang Paint Pro 17.0 (32-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 17.0 - Medibang)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5031.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nexon Launcher (HKLM\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version: - )
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9400.4028 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-48903865-4041566842-226505006-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
UpdateAssistant (HKLM\...\{82C4F331-0AF5-4BDA-AA1B-A2182789FEBA}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{8AE27BD2-CECE-4DA0-BA9F-C9535E622689}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
Web Companion (HKLM\...\{f9124e31-5a6d-4c9c-81da-5ccd6494697a}) (Version: 4.3.1865.3518 - Lavasoft)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (08/06/2015 8.0.0.19) (HKLM\...\149F37A1996406108DA0EB71D7EBC48895119059) (Version: 08/06/2015 8.0.0.19 - ASUS)
Windows Setup Remediations (x86) (KB4023057) (HKLM\...\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb) (Version: - )
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-48903865-4041566842-226505006-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Quan\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-48903865-4041566842-226505006-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-05] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B522455-FA79-470D-9911-72A0012EAB23} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {11CE369F-4D99-446C-8298-51E2B9501E1A} - System32\Tasks\{F83D95A3-6278-CF60-7926-DC44DCA8FCD1} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://hophitnews.ru/cl/?guid=k3ssuake7177ickllcjqeh3bhkfsjaou&prid=1&pid=4_1324_0
Task: {14A4C36B-D859-44E8-8689-5A63A8049A5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {21A8854D-86D9-460E-9ACE-B456554E6EC7} - System32\Tasks\{90B0B13C-B698-461F-12C1-6371E010A425} => C:\Users\Quan\AppData\Roaming\zbEIkooQJeZ.exe [2015-07-10] (Microsoft Corporation) <==== ATTENTION
Task: {25A7CA08-BD8C-49B8-A99E-0EA2A79D26C4} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-10-14] (ASUSTek Computer INC.)
Task: {44D7644E-7556-44BA-9BB3-961D09203FD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {44F0D708-6A5F-4E37-BE86-B7C9A1BE5366} - System32\Tasks\{7C95C3B3-558B-5A70-E175-0ACED6FFA908} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://hophitnews.ru/cl/?guid=fu0r73sm8wkx8vvxeah2in4lk71q3b39&prid=1&pid=4_1324_0
Task: {4DB86A88-B7AB-4B33-B512-F90222287C0A} - System32\Tasks\Asus Reading Mode => C:\Program Files\ASUS\ASUS Reading Mode\ReadingModeWatchDogx86.exe [2013-08-26] ()
Task: {5BAF4D51-D5BB-4FEE-B94D-01CFBBE1E69F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D7BD0D3-2B1B-4BE8-BFD9-FE2FD7DD735D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {661A2FBE-3BC8-43F5-9D6C-C82F916D75B9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {70015984-574C-4149-8796-37EC6306F9A5} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe [2018-04-07] (Microsoft Corporation)
Task: {7D9B7982-168F-45C5-A9C3-9EE1712A5FB2} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {7EE74B3B-100A-4C37-8F8E-CBE4E16A4295} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {81C1E26B-96F1-45B6-A1F4-AFD44FB79110} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8723724A-786E-4344-ADA5-1973FA70CF49} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {882A8DAE-7414-4F9A-9E65-5F7FAF92B8FE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-27] (AsusTek)
Task: {8A4F75EE-25F1-43DA-88A0-EE2631FC0AA8} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {8F10F4DA-69B5-45BC-B819-A434E203B83D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {96167C29-A5BC-4BDA-94DE-066F41F51FAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {99FBC4AF-9D9B-4828-8D4F-F3BC6981C807} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3C438EA-443B-4CAE-9D6C-C707E6B25906} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {ACDDC380-4236-4D41-A555-51BF3F82403E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B02A304F-7F5C-4187-B9CD-3583855882D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8058DBD-22C4-4F20-8882-3B9DFB4BCC6D} - System32\Tasks\{3BCE65B8-982C-C0B6-5D11-4B7FF272BB6B} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://hophitnews.ru/cl/?guid=ki42s2fblzm9d5lxa61uacao9v0azsw9&prid=1&pid=4_1324_0
Task: {BB82E66E-BF4F-444C-8D26-E1BB9AD2F267} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {C10482F3-5A54-4D61-A1BF-ED6C063A39E0} - System32\Tasks\{C4B4B425-1E59-077D-67F7-1328CABBA13B} => C:\Users\Quan\MiiniNBAeH.exe [2015-07-10] (Microsoft Corporation)
Task: {C38F2A60-1325-4DF6-9A1C-037DE60CF016} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C8A9F023-4E6B-45DB-ADE0-4D75B947D010} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFE98C95-34A7-469D-AE53-FCC1B3F53889} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E92E07AF-C476-4647-B683-0CE2408BAE59} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {ED10F6FE-706B-4E92-8C1B-7264CF72B417} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {F97C0010-0E49-40F4-84BB-F8BA83460D95} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {FC932216-D72C-4863-9B95-9BB88F754E40} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FFE16032-2E3C-4233-AF54-9C53AA6D81A2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
 
Back