[INACTIVE] Slow Computer. Spam and Spyware.

Hi,


I have a lot off spam and spyware. Difficult to browse through website because off much adds with Google Chrome. Here is the Hijackthis log. Thanks guys


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:06:40, on 5/03/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)


Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Users\tony\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\tony\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\tony\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\tony\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BingSvc] C:\Users\tony\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @oem0.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\viakaraokesrv.exe

--
End of file - 4923 bytes

Hello there, Let's see what we can do here...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please copy and paste log back here.
  
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe / FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  

Hello,


Thanks for the help.


Here you have the log files:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2017
Ran by tony (administrator) on DESKTOP-FMJ3GQ8 (07-03-2017 22:49:23)
Running from C:\Users\tony\Downloads
Loaded Profiles: tony (Available Profiles: tony)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(© 2015 Microsoft Corporation) C:\Users\tony\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-06] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-3964616016-1854025121-3180756067-1001\...\Run: [BingSvc] => C:\Users\tony\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3964616016-1854025121-3180756067-1001\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-06] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{14161d88-2bd2-4edd-96df-a1a0212f97fc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c5033248-9df8-434d-b094-4296bbbe6893}: [DhcpNameServer] 195.130.131.4 195.130.130.4

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tony\AppData\Roaming\TomTom\HOME\Profiles\siphddh6.default [2016-11-09]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-11]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=nl-nl
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
CHR Extension: (Google Presentaties) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-08]
CHR Extension: (Chrome Note) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\adjgkicnjpdidejieampegajjjgjccea [2016-08-23]
CHR Extension: (Google Documenten) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-08]
CHR Extension: (Google Drive) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-08]
CHR Extension: (YouTube) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-08]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-03-05]
CHR Extension: (Avast SafePrice) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-20]
CHR Extension: (Google Spreadsheets) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-08]
CHR Extension: (Offline Documenten) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-08]
CHR Extension: (Avast Online Security) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-07]
CHR Extension: (Fonter) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppnpdgkgichdbnjkjjlbjfefopfjned [2016-08-13]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Gmail) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3964616016-1854025121-3180756067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144 2017-03-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-06] (AVAST Software)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [46736 2016-08-08] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [257288 2017-03-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148720 2017-03-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [267016 2017-03-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41176 2017-03-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-03-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [31064 2017-03-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [106392 2017-03-06] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [355752 2017-03-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [90336 2017-03-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-03-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [756200 2017-03-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [463936 2017-03-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118288 2017-03-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [278776 2017-03-06] (AVAST Software)
S3 athr; C:\WINDOWS\System32\drivers\athwn.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2016-08-23] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2016-08-23] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [161216 2017-03-06] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 netr28u; C:\WINDOWS\System32\drivers\netr28u.sys [1824256 2016-07-16] (MediaTek Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [573560 2016-08-08] (VIA Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-07 22:49 - 2017-03-07 22:49 - 01765888 _____ (Farbar) C:\Users\tony\Downloads\FRST.exe
2017-03-07 22:49 - 2017-03-07 22:49 - 00012192 _____ C:\Users\tony\Downloads\FRST.txt
2017-03-07 22:49 - 2017-03-07 22:49 - 00000000 ____D C:\FRST
2017-03-07 22:48 - 2017-03-07 22:48 - 00604928 _____ (Reimage) C:\Users\tony\Downloads\ReimageRepair.exe
2017-03-07 13:51 - 2017-03-07 13:54 - 00278820 _____ C:\WINDOWS\Minidump\030717-71843-01.dmp
2017-03-07 13:45 - 2017-03-07 13:47 - 00278940 _____ C:\WINDOWS\Minidump\030717-78609-01.dmp
2017-03-07 13:38 - 2017-03-07 13:39 - 00278876 _____ C:\WINDOWS\Minidump\030717-25140-01.dmp
2017-03-07 13:05 - 2017-03-07 13:05 - 00000000 ___HD C:\OneDriveTemp
2017-03-07 07:51 - 2017-03-07 07:54 - 00278988 _____ C:\WINDOWS\Minidump\030717-23546-01.dmp
2017-03-07 07:46 - 2017-03-07 07:46 - 00050800 _____ C:\Users\tony\Documents\Onkosten kerkstr. .pdf
2017-03-07 07:20 - 2017-03-04 22:33 - 00040870 ____T C:\Users\tony\Documents\Offerte afloop Gar.Const. 3-0201.pdf
2017-03-07 07:19 - 2017-03-04 22:33 - 00040870 ____T C:\Users\tony\Documents\AV 2017 Gar. Const..pdf
2017-03-07 07:09 - 2017-03-07 07:12 - 00278804 _____ C:\WINDOWS\Minidump\030717-18140-01.dmp
2017-03-07 00:37 - 2017-03-07 00:37 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-06 23:16 - 2017-03-06 23:16 - 00000000 ___HD C:\$AV_ASW
2017-03-06 22:47 - 2017-03-06 22:44 - 00267016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-03-06 22:47 - 2017-03-06 22:44 - 00257288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-03-06 22:47 - 2017-03-06 22:44 - 00148720 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-03-06 22:47 - 2017-03-06 22:44 - 00041176 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-03-06 22:47 - 2016-11-11 12:03 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEC0E.tmp
2017-03-06 22:47 - 2016-11-11 12:03 - 00433768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF412.tmp
2017-03-06 22:47 - 2016-11-11 12:03 - 00224752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF4A0.tmp
2017-03-06 22:47 - 2016-08-22 10:17 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF637.tmp
2017-03-06 22:47 - 2016-08-22 10:17 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF1ED.tmp
2017-03-06 22:47 - 2016-08-22 10:17 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEF5B.tmp
2017-03-06 22:47 - 2016-08-22 10:17 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF2F8.tmp
2017-03-06 22:47 - 2016-08-22 10:17 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEA67.tmp
2017-03-06 22:47 - 2016-08-22 10:17 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF0E3.tmp
2017-03-06 22:47 - 2016-08-22 10:16 - 00338936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswDBB1.tmp
2017-03-06 22:46 - 2017-03-06 22:45 - 00328208 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-06 22:37 - 2017-03-06 22:38 - 00279012 _____ C:\WINDOWS\Minidump\030617-42937-01.dmp
2017-03-06 22:34 - 2017-03-06 22:36 - 00278852 _____ C:\WINDOWS\Minidump\030617-37046-01.dmp
2017-03-06 22:29 - 2017-03-06 22:29 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1EB86044.sys
2017-03-06 07:40 - 2017-03-06 07:42 - 00278924 _____ C:\WINDOWS\Minidump\030617-55671-01.dmp
2017-03-06 07:06 - 2017-03-06 07:06 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1DA11E46.sys
2017-03-06 00:55 - 2017-03-06 00:56 - 00278772 _____ C:\WINDOWS\Minidump\030617-21031-01.dmp
2017-03-06 00:36 - 2017-03-06 00:36 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\042D73B7.sys
2017-03-05 22:40 - 2017-03-05 22:41 - 00279020 _____ C:\WINDOWS\Minidump\030517-33015-01.dmp
2017-03-05 22:21 - 2017-03-06 22:35 - 00161216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-05 22:20 - 2017-03-05 22:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-05 22:18 - 2017-03-05 22:20 - 57131432 _____ (Malwarebytes ) C:\Users\tony\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-05 22:05 - 2017-03-05 22:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\tony\Downloads\HijackThis.exe
2017-03-05 22:04 - 2017-03-05 22:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\tony\Downloads\Niet bevestigd 269074.crdownload
2017-02-27 12:07 - 2017-02-27 12:07 - 00347635 _____ C:\Users\tony\Documents\attachment[2818]Daglig ker. vuur.pdf
2017-02-18 11:49 - 2017-02-18 11:49 - 00559815 _____ C:\Users\tony\Downloads\2017000287727.pdf
2017-02-09 07:53 - 2017-02-09 07:53 - 00000918 _____ C:\Users\tony\Desktop\My business - Shortcut.lnk
2017-02-08 16:05 - 2017-02-08 16:05 - 00084876 _____ C:\Users\tony\Downloads\bijles1.pdf
2017-02-08 16:05 - 2017-02-08 16:05 - 00084876 _____ C:\Users\tony\Downloads\bijles1 (1).pdf
2017-02-05 19:59 - 2017-02-05 19:59 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-07 22:47 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-07 22:47 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-07 22:37 - 2015-07-09 19:22 - 00000000 ___RD C:\Users\tony\OneDrive
2017-03-07 22:35 - 2016-09-24 14:55 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2017-03-07 14:09 - 2016-09-24 14:58 - 00000000 ____D C:\Users\tony
2017-03-07 14:09 - 2016-09-24 14:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 13:51 - 2016-12-18 07:58 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-07 13:51 - 2016-09-24 15:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-07 13:51 - 2016-08-27 13:12 - 333750837 _____ C:\WINDOWS\MEMORY.DMP
2017-03-07 13:05 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-07 07:17 - 2016-09-25 00:43 - 00899958 _____ C:\WINDOWS\system32\perfh013.dat
2017-03-07 07:17 - 2016-09-25 00:43 - 00216714 _____ C:\WINDOWS\system32\perfc013.dat
2017-03-07 07:17 - 2015-07-09 19:15 - 02321842 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-07 00:35 - 2016-08-13 05:52 - 00001197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-07 00:34 - 2016-07-16 03:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-06 23:59 - 2015-07-09 19:13 - 00000000 ____D C:\Program Files\KMSpico
2017-03-06 23:02 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\registration
2017-03-06 22:49 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2017-03-06 22:47 - 2016-08-13 05:48 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-06 22:45 - 2016-08-13 05:52 - 00031064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00756200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00463936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00278776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00118288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00106392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00090336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-06 22:45 - 2016-08-13 05:50 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-06 22:44 - 2016-08-13 05:50 - 00355752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-03-06 22:40 - 2016-07-16 03:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-05 22:06 - 2015-07-09 19:20 - 00000000 ____D C:\Users\tony\AppData\Local\VirtualStore
2017-03-04 22:12 - 2015-07-09 19:22 - 00002364 _____ C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-26 07:37 - 2017-01-19 17:08 - 00000000 ____D C:\Users\tony\Documents\tony foto
2017-02-24 12:32 - 2016-11-09 15:50 - 00000000 ____D C:\ProgramData\Skype
2017-02-24 01:58 - 2016-11-23 08:35 - 00000000 ____D C:\Users\tony\Documents\BOETES
2017-02-24 01:57 - 2016-12-07 19:21 - 00000000 ____D C:\Users\tony\Documents\Groene Swaen
2017-02-24 01:57 - 2016-11-23 09:18 - 00000000 ____D C:\Users\tony\Documents\Lamy
2017-02-24 00:51 - 2016-08-08 16:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 00:48 - 2016-08-08 16:37 - 135086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 03:05 - 2016-12-07 20:13 - 00000000 ____D C:\Users\tony\Documents\OZ
2017-02-22 22:23 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 22:13 - 2015-07-09 19:20 - 00000000 ____D C:\Users\tony\AppData\Local\Packages
2017-02-21 20:55 - 2015-07-09 19:24 - 00000000 ____D C:\Users\tony\Desktop\tony foto
2017-02-06 23:38 - 2016-08-08 17:21 - 00002238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 23:38 - 2016-08-08 17:21 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 20:48 - 2016-10-30 12:07 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-10-30 12:07 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-02-06 18:53 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-05 19:59 - 2016-11-09 15:50 - 00000000 ___RD C:\Program Files\Skype

Some files in TEMP:
====================
2016-11-09 16:00 - 2016-11-09 16:00 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\tony\AppData\Local\Temp\BSvcProcessor.exe
2016-11-09 16:00 - 2016-11-09 16:00 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\tony\AppData\Local\Temp\BSvcUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 01:28

==================== End of FRST.txt ============================




additional note pad:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
Ran by tony (07-03-2017 22:50:28)
Running from C:\Users\tony\Downloads
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-24 14:18:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3964616016-1854025121-3180756067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3964616016-1854025121-3180756067-503 - Limited - Disabled)
Guest (S-1-5-21-3964616016-1854025121-3180756067-501 - Limited - Disabled)
tony (S-1-5-21-3964616016-1854025121-3180756067-1001 - Administrator - Enabled) => C:\Users\tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Premier (HKLM\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Dutch/Nederlands (HKLM\...\OMUI.nl-nl) (Version: 12.0.4518.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3964616016-1854025121-3180756067-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
PIXresizer (HKLM\...\PIXresizer_is1) (Version: 2.0.5 - Bluefive software)
SafeZone Stable 3.55.2393.561 (Version: 3.55.2393.561 - Avast Software) Hidden
Skype™ 7.32 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
UpdateAssistant (Version: 1.1.0.0 - Microsoft Corporation) Hidden
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17353 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04895472-8F27-45C7-ADDE-A32A108596B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-08] (Google Inc.)
Task: {28AD8E2A-D7BE-4437-95F3-A5CFC8C20CB6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-06] (AVAST Software)
Task: {4C415D58-B3F2-4398-9C87-513B085C2ACD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-06-21] (Microsoft Corporation)
Task: {A1D8F1B3-E2A8-4FE3-9D28-0BCF6F813894} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\tony\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe 
Task: {A48CD685-99E5-46F1-9535-39DF347FDB8A} - System32\Tasks\SafeZone scheduled Autoupdate 1471063943 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {AC585335-51DC-45B3-B6BB-DFAC16BFD4EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe 
Task: {C36A24B7-33B3-4E59-BEC5-03634A10B1A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-08] (Google Inc.)
Task: {D3A155D8-32C0-4491-8037-7E39E83E0EE3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 09:25 - 2016-07-16 09:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 22:48 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-14 22:48 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 22:48 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 09:25 - 2016-07-16 09:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 13:20 - 2016-12-21 05:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 13:21 - 2016-12-21 05:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 13:21 - 2016-12-21 05:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-25 00:47 - 2016-09-25 00:47 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 13:21 - 2016-12-21 05:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 13:21 - 2016-12-21 05:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 22:03 - 2017-02-22 22:03 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 22:03 - 2017-02-22 22:03 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 22:03 - 2017-02-22 22:03 - 30889472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:43 - 2017-02-06 20:43 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\roottools.dll
2017-03-06 22:45 - 2017-03-06 22:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-13 05:50 - 2016-08-13 05:50 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-06 22:44 - 2017-03-06 22:44 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-06 22:45 - 2017-03-06 22:45 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-03 00:15 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\tony\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-01-03 00:15 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\tony\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 09:28 - 2015-07-10 09:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3964616016-1854025121-3180756067-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tony\Pictures\My family\IMG_0218 (2).JPG
DNS Servers: 195.130.131.4 - 195.130.130.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8D276563-40D2-4F44-9374-8F6F49BE0DB2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BF08F375-05D1-41D7-8E58-0C06363BAC9C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{336B23B8-52C9-4F14-BA7A-EF65A92E8C4B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{C36B02C2-075B-4134-A424-A79CC222972E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe

==================== Restore Points =========================

19-02-2017 00:04:24 Scheduled Checkpoint
22-02-2017 22:22:12 Windows Update
04-03-2017 23:09:52 Scheduled Checkpoint
06-03-2017 22:46:25 Restore Operation

==================== Faulty Device Manager Devices =============

Name: HP 802.11b|g Wireless Network Adapter
Description: HP 802.11b|g Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2017 08:58:23 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 08:58:23 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:53:14 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:53:14 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:53:14 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:53:14 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:53:14 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:47:57 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-FMJ3GQ8)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (03/07/2017 07:11:11 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (03/07/2017 07:11:11 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (03/07/2017 10:36:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 02:09:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 01:54:40 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000019 (0x00000020, 0xadb649b0, 0xadb649c8, 0x08030019). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: d76e6370-469b-42ec-8004-16502768ea25.

Error: (03/07/2017 01:52:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 01:52:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 01:52:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 01:51:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/07/2017 01:51:35 PM) (Source: athr) (EventID: 5003) (User: )
Description: HP 802.11b|g Wireless Network Adapter : Could not find a network adapter.

Error: (03/07/2017 01:51:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:45:40 PM on ‎3/‎7/‎2017 was unexpected.

Error: (03/07/2017 01:40:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-12-07 23:30:07.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-07 23:30:07.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 44%
Total physical RAM: 3327.3 MB
Available physical RAM: 1833.84 MB
Total Virtual: 3903.3 MB
Available Virtual: 2372.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:294.48 GB) NTFS
Drive d: () (Fixed) (Total:149.05 GB) (Free:144.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BA93E015)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: F486F486)
Partition 1: (Active) - (Size=149 GB) - (Type=42)
Partition 2: (Not Active) - (Size=1849 KB) - (Type=42)

==================== End of Addition.txt ============================

Hello again, I would recommend that the program, "KMSpico," be removed from your computer. Start > type in appwiz.cpl and search for KMSpico to uninstall.

After that, please do the following:
Fix with Farbar Recovery Scan Tool



Download attached fixlist.txt file (find at bottom of post or click here) and save it to the Desktop, and move FRST.exe from C:\Users\tony\Downloads to the Desktop as well. As long as both files, FRST and fixlist.txt are in the same location — otherwise, the fix will not work!

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please post it to your reply.

---

Please download CKScanner by askey127 from here
Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

---

Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.

• Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  
• Follow the prompts and let this process run uninterrupted.
  
• This scan can take a while, depending on your System specs.
  
• Upon completion, a log (JRT.txt) will open on your desktop.
  

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

---

Please download Malwarebytes' AdwCleaner onto your Desktop.

• Double click on AdwCleaner_xxxx.exe to run the tool.
  
• Click on Scan.
  
• After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  
• You can find the logfile at C:\AdwCleaner[Sx].txt as well.
  

Fix result of Farbar Recovery Scan Tool (x86) Version: 08-03-2017
Ran by tony (08-03-2017 23:30:00) Run:1
Running from C:\Users\tony\Desktop
Loaded Profiles: tony (Available Profiles: tony)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
emptytemp:
closeprocesses:
createrestorepoint:
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
C:\Program Files\KMSpico
2017-03-07 22:48 - 2017-03-07 22:48 - 00604928 _____ (Reimage) C:\Users\tony\Downloads\ReimageRepair.exe
2017-03-07 22:35 - 2016-09-24 14:55 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
Task: {AC585335-51DC-45B3-B6BB-DFAC16BFD4EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe 
end
*****************

Processes closed successfully.
Restore point was successfully created.
Service KMSELDI => service not found.
C:\Program Files\KMSpico => moved successfully
C:\Users\tony\Downloads\ReimageRepair.exe => moved successfully
C:\WINDOWS\system32\Drivers\lvuvc.hs => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC585335-51DC-45B3-B6BB-DFAC16BFD4EF} => key not found. 
C:\Windows\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. 

=========== EmptyTemp: ==========

BITS transfer queue => 1409968 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78654998 B
Java, Flash, Steam htmlcache => 11603 B
Windows/system/drivers => 49089974 B
Edge => 4216890753 B
Chrome => 746808584 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 53458 B
NetworkService => 8542 B
tony => 326693150 B

RecycleBin => 1192431673 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:40:55 ====




CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\frst\quarantine\c\program files\kmspico\tokensbackup\keys.txt
c:\frst\quarantine\c\program files\kmspico\tokensbackup\windows\data.dat
c:\frst\quarantine\c\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\frst\quarantine\c\program files\kmspico\tokensbackup\windows\tokens.dat
c:\frst\quarantine\c\program files\kmspico\tokensbackup\windows\cache\cache.dat
scanner sequence 3.BC.11.POAPVZ
 ----- EOF ----- 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x86 
Ran by tony (Administrator) on wo 08/03/2017 at 23:51:55,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 08/03/2017 at 23:55:03,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v6.044 - Logfile created 10/03/2017 at 00:09:23
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-09.3 [Server]
# Operating System : Windows 10 Home  (X86)
# Username : tony - DESKTOP-FMJ3GQ8
# Running from : C:\Users\tony\Downloads\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\fotosizer.nl.soft
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.sof
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nl.softonic.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pixresizer.nl.sof
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\resize.nl.softoni
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\fotosizer.nl.softoni
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.softwa
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nl.softonic.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pixresizer.nl.softon
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\resize.nl.softonic.c
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Key Found:  HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4943 Bytes] - [10/03/2017 00:09:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5016 Bytes] ##########

I will be replacing Dr Jay for a bit. Could you please give me an update on how your computer is working?

[mod]Do you still need help? We have not heard from you for a while... Please get back with us so we can assist you further![/mod]

[adm]Due to lack of response, this topic is now closed. If you would like it reopened, PM me, a Security Officer, or another administrator. If you have a different computer other than the one above, or if you are someone else, please start a new topic.[/adm]