  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.

Painfully Slow Computer

Solved 
5K views 30 replies 2 participants last post by  capnkrunch 
#1 ·
Hi, yesterday I tried downloading some material from the internet and the computer installed a bunch of malware and viruses on the computer. Since then it has been extremely slow. I tried uninstalling the programs that were installed yesterday and was successful. Please help.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2908 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1326 Mb
Hard Drives: C: 434 GB (22 GB Free); F: 465 GB (191 GB Free);
Motherboard: TOSHIBA, KSWAA
Antivirus: Microsoft Security Essentials, Enabled and Updated
 
#2 ·
Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system without the guidance of a trained malware removal helper. Doing so may possibly damage your system, preventing it from starting.
Hello ptichun and welcome back to the Tech Support Guy Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read the topic "Everyone MUST read this BEFORE posting for help in this forum", where the conditions for receiving help here are explained.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive, as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

 
#3 ·
Please run the following scan:

FRST Scan
  • Please download FRST by Farbar, and save it to your Desktop.
    You need to download and run the 32-bit version.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
 
#5 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19.06.2018
Ran by ptichun (administrator) on SVEZNALICA (19-06-2018 14:06:16)
Running from C:\Users\ptichun\Downloads
Loaded Profiles: ptichun (Available Profiles: ptichun & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Wireless Service) C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
() C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Gold Click Ltd) C:\Program Files\ProxyGate\Cloud.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Gold Click Ltd) C:\Program Files\ProxyGate\PGChk.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(DivX, LLC) C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
() C:\Program Files\Hexagon\cans.exe
() C:\Program Files\Hexagon\cans.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(© 2015 Microsoft Corporation) C:\Users\ptichun\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\postural\mccarren.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Melasys) C:\Users\ptichun\AppData\Local\ImpaqSpeed\qtspeedtest.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Program Files\Groundstrokes\Quayside.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
() C:\Users\ptichun\AppData\Local\Latham.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
() C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [274608 2010-11-23] (RealNetworks, Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1057240 2017-11-17] (DivX, LLC)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-05-22] (Apple Inc.)
HKLM\...\Run: [Flayed] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKLM\...\Run: [Lentz] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKLM\...\Run: [Catastrophic] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKLM\...\Run: [Lady] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKLM\...\Run: [Scapegoats] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKLM\...\Run: [Bellotti] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [BingSvc] => C:\Users\ptichun\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Chromium] => c:\users\ptichun\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors)
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Mclarty] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Cleave] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Momentum] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Featherbedding] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Harmonies] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Shucks] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [mccarren] => C:\Program Files\postural\mccarren.exe [44824 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [caper] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [ImpaqSpeed] => C:\Users\ptichun\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15774312 2018-05-21] (Melasys)
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\MountPoints2: {2a329238-ce02-11e0-a84e-002622ebfd92} - E:\LaunchU3.exe
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenville.lnk [2018-06-18]
ShortcutTarget: greenville.lnk -> C:\Program Files\Dissatisfied\Latham.exe ()
Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenvillegreenville.lnk [2018-06-18]
ShortcutTarget: greenvillegreenville.lnk -> C:\Program Files\schelling\Quayside.exe ()
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0616128D-6371-4967-B2C1-BFAD6043F725}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0616128D-6371-4967-B2C1-BFAD6043F725}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69C0A4BD-10DF-4634-9868-861521F3C6BE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{89F93CFB-3F38-40F9-B383-E16F12C1D582}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{98BA5D8D-9CCB-4208-A8C4-E1B6BCB132A2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DFD29AFC-4966-4800-9940-D36BB08AF495}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ca.yahoo.com/?fr=fp-yie9
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0375bd32&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7a9c68e8&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061318-AD26CBEB7DD&form=CONBDF&conlogo=CT3335811&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7a9c68e8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {40F707B0-22D1-442B-9824-BF665554FCC8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0375bd32&q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-20] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
BHO: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files\Keepvid\KeepVid KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2018-02-02] ()
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Technologies)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: auwjiotq.default-1471367127920-1510800610513
FF ProfilePath: C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\f4mvyrgd.default-1498053148872 [2018-06-18]
FF ProfilePath: C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513 [2018-06-19]
FF Homepage: Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513 -> hxxp://www.bing.com/?pc=COSP&ptag=D061318-AD26CBEB7DD&form=CONMHP&conlogo=CT3335811
FF Extension: (SaveFrom.net helper) - C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513\Extensions\helper-sig@savefrom.net.xpi [2018-06-18]
FF SearchPlugin: C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513\searchplugins\bing-lavasoft-ff59.xml [2018-06-13]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-05-09] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-04] [Legacy] [not signed]
FF HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2101005229-1017427555-4036206314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ptichun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFemqrj-rMQQYj9WvYBYE0FaarNOnhNvfXQvx34KwIzzvuTrxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFdpFkfzNnKpPJ44zANdI60m5hktFaXgRfspziMfcD_lYJ237M_pxFV-_TtqK9cHMupac8pqa-cYrPU1XsK6LW-iQYYA,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
CHR Extension: (Slides) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Docs) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
CHR Extension: (Google Drive) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-24]
CHR Extension: (Browser Hunt) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-09-11]
CHR Extension: (Sheets) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Skype) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-05-06]
CHR Extension: (Mountain Browse) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj [2017-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-11]
CHR Extension: (Simple Finder Multi Region) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-06-18]
CHR Extension: (Gmail) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-06]
CHR Extension: (System Table) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-06-18]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [181616 2009-07-17] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [43344 2018-06-04] (Dropbox, Inc.)
R2 D_Link_DWA-125; C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2009-08-21] (Wireless Service) [File not signed]
R2 D_Link_DWA-125_WPS; C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe [40960 2009-07-07] () [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [322792 2018-03-26] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 pgt_svc; C:\Program Files\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop186.exe [517432 2018-05-21] (PandaViewer)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [181616 2009-08-10] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
S3 WsDrvInst; C:\Program Files\Keepvid\KeepVid KeepVid Pro\DriverInstall.exe [109688 2018-02-02] (Wondershare)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R3 netr28u; C:\windows\System32\DRIVERS\Dnetr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 s117bus; C:\windows\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation)
S3 s117mdfl; C:\windows\System32\DRIVERS\s117mdfl.sys [14888 2007-06-25] (MCCI Corporation)
S3 s117mdm; C:\windows\System32\DRIVERS\s117mdm.sys [108456 2007-06-25] (MCCI Corporation)
S3 s117mgmt; C:\windows\System32\DRIVERS\s117mgmt.sys [100264 2007-06-25] (MCCI Corporation)
S3 s117nd5; C:\windows\System32\DRIVERS\s117nd5.sys [22952 2007-06-25] (MCCI Corporation)
S3 s117obex; C:\windows\System32\DRIVERS\s117obex.sys [98344 2007-06-25] (MCCI Corporation)
S3 s117unic; C:\windows\System32\DRIVERS\s117unic.sys [98856 2007-06-25] (MCCI Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-19 14:06 - 2018-06-19 14:20 - 000030051 _____ C:\Users\ptichun\Downloads\FRST.txt
2018-06-19 14:04 - 2018-06-19 14:06 - 000000000 ____D C:\FRST
2018-06-19 14:01 - 2018-06-19 14:02 - 001773568 _____ (Farbar) C:\Users\ptichun\Downloads\FRST.exe
2018-06-19 07:11 - 2018-06-19 07:11 - 000748192 _____ (TechGuy, Inc.) C:\Users\ptichun\Downloads\SysInfo(2).exe
2018-06-19 07:09 - 2018-06-19 07:09 - 000748192 _____ (TechGuy, Inc.) C:\Users\ptichun\Downloads\SysInfo(1).exe
2018-06-19 06:03 - 2018-06-19 06:12 - 002709624 _____ C:\windows\ntbtlog.txt
2018-06-18 18:55 - 2018-06-18 18:55 - 000000000 ____D C:\Users\ptichun\AppData\Local\ImpaqSpeed
2018-06-18 18:44 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
2018-06-18 18:44 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\NCWS1MPIV7
2018-06-18 18:27 - 2018-06-18 18:27 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\OneSystemCare
2018-06-18 18:27 - 2018-06-18 18:27 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\FastDataX
2018-06-18 18:25 - 2018-06-18 18:25 - 000145456 _____ C:\windows\Minidump\061818-71791-01.dmp
2018-06-18 09:21 - 2018-06-18 16:55 - 000082432 _____ (ahjqtbs) C:\Users\ptichun\AppData\Roaming\command.dll
2018-06-18 07:36 - 2018-06-18 07:36 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-06-18 07:29 - 2018-06-18 07:46 - 000000000 ____D C:\Program Files\CY7UKLC70G
2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\uf3r21up1fz
2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\74B1NTFBRT
2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\se4whuag0ky
2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\f4rbsw5zee1
2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\ZL9TZMZ5PE
2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\M41QM9F4J5
2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\qhtybw0wvmx
2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\moztjnjsxyu
2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\e32exah2ukl
2018-06-18 06:27 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\c5koq5i2kl1
2018-06-18 06:23 - 2018-06-18 06:23 - 000000000 ____D C:\Program Files\ZP5JQ90FKY
2018-06-18 06:15 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AT31O40NII
2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5k4lcptyol1
2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3z5gjlt5qci
2018-06-18 06:14 - 2018-06-18 06:15 - 000000000 ____D C:\Program Files\4OV5D3E3ZM
2018-06-18 06:14 - 2018-06-18 06:14 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\spog5xmyzlf
2018-06-18 06:09 - 2018-06-18 06:09 - 002948240 _____ (BitTorrent Inc.) C:\Users\ptichun\Incredibles 2 2018 NEW HDCAM X264
2018-06-18 06:07 - 2018-06-18 06:07 - 000000012 _____ C:\windows\b8998883
2018-06-18 06:06 - 2018-06-18 06:07 - 000000000 ____D C:\Program Files\ProxyGate
2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\postural
2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\Groundstrokes
2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ____D C:\Program Files\obo
2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\schelling
2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Hexagon
2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Dissatisfied
2018-06-18 06:04 - 2018-06-18 18:46 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-06-18 06:04 - 2018-06-18 06:05 - 000000000 ____D C:\Users\ptichun\AppData\Local\Package Cache
2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\w3bxmavwtvf
2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Program Files\L1L39K74D5
2018-06-18 06:02 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\0756KZBAPD
2018-06-18 06:02 - 2018-06-18 06:43 - 000000000 ____D C:\Program Files\Multitimer
2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\acnfk1yolmo
2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AAAZZZ
2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\7IYDGNJIHD
2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\gpezmwclh54
2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3nwf3zdl1oa
2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\HLQVFPEM5V
2018-06-18 06:00 - 2018-06-18 06:00 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5a55opst0te
2018-06-18 05:59 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\U33K7RH5VK
2018-06-18 05:58 - 2018-06-19 06:25 - 000000000 ____D C:\Program Files\AnonymizerGadget
2018-06-18 05:58 - 2018-06-19 06:24 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\WidModule
2018-06-18 05:58 - 2018-06-19 06:10 - 000000000 ____D C:\Program Files\ios0vrked4g
2018-06-18 05:58 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\85ZBGYIRU1
2018-06-18 05:58 - 2018-06-18 06:48 - 000000000 ____D C:\Program Files\cleanComputerNew
2018-06-18 05:58 - 2018-06-18 06:06 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\AGData
2018-06-18 05:57 - 2018-06-18 05:57 - 000001094 _____ C:\Users\ptichun\Desktop\Adult Dating.lnk
2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Warframe.lnk
2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Crossout.lnk
2018-06-18 05:57 - 2018-06-18 05:57 - 000001086 _____ C:\Users\ptichun\Desktop\Win iPhone X.lnk
2018-06-18 05:50 - 2018-06-18 05:50 - 000763096 _____ (WinZip Computing, S.L.) C:\Users\ptichun\Downloads\winzip22.exe
2018-06-18 05:28 - 2018-06-18 05:28 - 000732164 _____ C:\Users\ptichun\Downloads\Incredibles_2_2018_NEW_HDCAM_X264.rar
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\windows\grail.exe
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\Users\ptichun\AppData\Local\Quayside.exe
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\Users\ptichun\AppData\Local\Latham.exe
2018-06-13 13:08 - 2018-06-13 13:08 - 000000000 ____D C:\Users\ptichun\Downloads\The.Incredibles.2.DVDrip
2018-06-13 12:55 - 2018-06-13 12:58 - 000000000 ____D C:\Users\ptichun\Downloads\The Incredibles (2004)
2018-06-13 09:58 - 2018-05-29 12:40 - 000348824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-06-13 09:58 - 2018-05-28 19:32 - 004050624 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2018-06-13 09:58 - 2018-05-28 19:32 - 003962048 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-06-13 09:58 - 2018-05-28 19:32 - 000189632 _____ (Microsoft Corporation) C:\windows\system32\halmacpi.dll
2018-06-13 09:58 - 2018-05-28 19:32 - 000189632 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-06-13 09:58 - 2018-05-28 19:32 - 000137920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-06-13 09:58 - 2018-05-28 19:32 - 000136384 _____ (Microsoft Corporation) C:\windows\system32\halacpi.dll
2018-06-13 09:58 - 2018-05-28 19:32 - 000067264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-06-13 09:58 - 2018-05-28 19:25 - 001310480 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-06-13 09:58 - 2018-05-28 19:22 - 001063424 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-06-13 09:58 - 2018-05-28 19:22 - 000655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-06-13 09:58 - 2018-05-28 19:22 - 000644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-06-13 09:58 - 2018-05-28 19:22 - 000554496 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-06-13 09:58 - 2018-05-28 19:22 - 000082432 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-06-13 09:58 - 2018-05-28 19:01 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-06-13 09:58 - 2018-05-28 18:59 - 000124928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-06-13 09:58 - 2018-05-28 18:58 - 000069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-06-13 09:58 - 2018-05-28 17:04 - 000535616 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-06-13 09:58 - 2018-05-24 21:34 - 020286976 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-06-13 09:58 - 2018-05-24 21:16 - 000499712 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-06-13 09:58 - 2018-05-24 21:15 - 000341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-06-13 09:58 - 2018-05-24 21:12 - 002295296 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-06-13 09:58 - 2018-05-24 21:09 - 000047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-06-13 09:58 - 2018-05-24 21:07 - 000476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-06-13 09:58 - 2018-05-24 21:06 - 000662016 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-06-13 09:58 - 2018-05-24 21:05 - 000620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-06-13 09:58 - 2018-05-24 21:05 - 000115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-06-13 09:58 - 2018-05-24 20:59 - 000668160 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-06-13 09:58 - 2018-05-24 20:57 - 000416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-06-13 09:58 - 2018-05-24 20:49 - 000168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-06-13 09:58 - 2018-05-24 20:48 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-06-13 09:58 - 2018-05-24 20:47 - 000279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-06-13 09:58 - 2018-05-24 20:45 - 000130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-06-13 09:58 - 2018-05-24 20:42 - 004496896 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-06-13 09:58 - 2018-05-24 20:40 - 000230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-06-13 09:58 - 2018-05-24 20:39 - 000696320 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-06-13 09:58 - 2018-05-24 20:38 - 013679616 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-06-13 09:58 - 2018-05-24 20:38 - 002060288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-06-13 09:58 - 2018-05-24 20:38 - 000692224 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-06-13 09:58 - 2018-05-24 20:37 - 001155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-06-13 09:58 - 2018-05-24 20:19 - 002767872 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-06-13 09:58 - 2018-05-24 20:15 - 001314304 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-06-13 09:58 - 2018-05-24 20:14 - 000710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-06-13 09:58 - 2018-05-14 20:44 - 001214656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2018-06-13 09:58 - 2018-05-14 20:13 - 003207168 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2018-06-13 09:58 - 2018-05-14 20:13 - 000782848 _____ (Microsoft Corporation) C:\windows\system32\webservices.dll
2018-06-13 09:58 - 2018-05-14 20:13 - 000103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2018-06-13 09:58 - 2018-05-14 20:13 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2018-06-13 09:58 - 2018-05-14 20:01 - 000023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2018-06-13 09:58 - 2018-05-14 18:09 - 000410080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2018-06-13 09:58 - 2018-05-14 18:09 - 000374872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2018-06-13 09:58 - 2018-05-11 18:56 - 000056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2018-06-13 09:58 - 2018-05-11 18:56 - 000025984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2018-06-13 09:58 - 2018-05-11 18:56 - 000024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2018-06-13 09:58 - 2018-05-10 17:40 - 000741888 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-06-13 09:58 - 2018-05-10 17:39 - 000084992 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-06-13 09:58 - 2018-04-06 09:38 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000261120 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000254464 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-06-13 09:57 - 2018-05-28 19:22 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-06-13 09:57 - 2018-05-28 19:03 - 000097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-06-13 09:57 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-06-13 09:57 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-06-13 09:57 - 2018-05-28 19:03 - 000029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-06-13 09:57 - 2018-05-28 19:03 - 000016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-06-13 09:57 - 2018-05-28 19:01 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-06-13 09:57 - 2018-05-28 18:59 - 000226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-06-13 09:57 - 2018-05-28 18:59 - 000098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-06-13 09:57 - 2018-05-28 18:58 - 000036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-06-13 09:57 - 2018-05-28 18:58 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-06-13 09:57 - 2018-05-28 18:58 - 000015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-06-13 09:57 - 2018-05-24 21:28 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-06-13 09:57 - 2018-05-24 21:28 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-06-13 09:57 - 2018-05-24 21:16 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-06-13 09:57 - 2018-05-24 21:15 - 000047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-06-13 09:57 - 2018-05-24 21:14 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-06-13 09:57 - 2018-05-24 21:08 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-06-13 09:57 - 2018-05-24 21:06 - 000104960 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-06-13 09:57 - 2018-05-24 20:52 - 000073216 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-06-13 09:57 - 2018-05-24 20:52 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-06-13 09:57 - 2018-05-24 20:51 - 000091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-06-13 09:57 - 2018-05-14 20:01 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2018-06-13 09:57 - 2018-05-10 17:40 - 000084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2018-06-09 18:34 - 2018-06-09 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-06-07 19:36 - 2018-06-07 19:36 - 067752149 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 9, Ep 10_ Head Games.mp4
2018-06-07 19:11 - 2018-06-07 19:11 - 067428038 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 12, Ep 5_ Quite a Spectacle.mp4
2018-06-07 13:08 - 2018-06-07 13:08 - 054842706 _____ C:\Users\ptichun\Downloads\What Does Not Guilty By Reason Of Insanity Mean.mp4
2018-06-07 12:41 - 2018-06-07 12:44 - 292067548 _____ C:\Users\ptichun\Downloads\CSI_ Reality! Real life Forensic Psychiatrist Tara Straker talks criminals.mp4
2018-06-07 12:34 - 2018-06-07 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-05 19:25 - 2018-06-05 19:26 - 084553979 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 2 Ep 6_ The Blood Trail.mp4
2018-06-05 19:17 - 2018-06-05 19:18 - 081292653 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 2 Ep 4_ Sex, Lies, and DNA.mp4
2018-06-05 16:38 - 2018-06-05 16:39 - 153315200 _____ C:\Users\ptichun\Downloads\Forensic Files in HD - Season 13 Ep 20_ DNA Dragnet.mp4
2018-06-05 16:28 - 2018-06-05 16:28 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-06-05 06:13 - 2018-06-05 06:15 - 156298723 _____ C:\Users\ptichun\Downloads\DNA The Secret of Photo 51.mp4
2018-06-04 03:18 - 2018-06-04 03:18 - 000043344 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2018-06-04 03:18 - 2018-06-04 03:18 - 000038968 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2018-06-04 03:18 - 2018-06-04 03:18 - 000035432 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2018-06-04 03:18 - 2018-06-04 03:18 - 000035408 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2018-06-03 18:50 - 2018-06-03 19:12 - 035851785 _____ C:\Users\ptichun\Downloads\Forensic Files Death By Poison Dessert Served Cold 2.mp4
2018-06-03 18:46 - 2018-06-03 19:11 - 042949657 _____ C:\Users\ptichun\Downloads\Forensic Files Death By Poison Dessert Served Cold 1.mp4
2018-06-03 18:26 - 2018-06-03 19:10 - 091985802 _____ C:\Users\ptichun\Downloads\Forensic Files_ Season 1 Ep 11 Outbreak.mp4
2018-06-03 09:07 - 2018-06-03 09:07 - 000001718 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-03 09:07 - 2018-06-03 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-03 09:05 - 2018-06-03 09:07 - 000000000 ____D C:\Program Files\iTunes
2018-05-25 07:39 - 2018-05-25 08:03 - 047050226 _____ C:\Users\ptichun\Downloads\Balancing Chemical Equations Practice Problems.mp4
2018-05-25 07:18 - 2018-05-25 07:38 - 053286552 _____ C:\Users\ptichun\Downloads\Introduction to Balancing Chemical Equations.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-19 14:23 - 2010-08-02 00:20 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\Skype
2018-06-19 14:10 - 2014-09-03 10:46 - 000000000 ____D C:\Users\ptichun\Documents\Nogomet
2018-06-19 13:26 - 2015-06-11 13:14 - 000000898 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-19 10:25 - 2015-06-11 13:14 - 000000894 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-19 08:30 - 2009-07-13 21:34 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-19 08:30 - 2009-07-13 21:34 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-19 07:41 - 2016-09-25 09:03 - 000000000 ____D C:\Users\ptichun\AppData\LocalLow\Mozilla
2018-06-19 07:07 - 2011-05-29 18:00 - 000000000 ____D C:\Program Files\Canon
2018-06-19 07:04 - 2011-05-29 18:10 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\Canon
2018-06-19 07:00 - 2009-07-13 19:37 - 000000000 ____D C:\windows\inf
2018-06-19 06:39 - 2014-11-20 22:07 - 000000000 ____D C:\ProgramData\WinZip
2018-06-19 06:22 - 2017-10-24 19:13 - 000000382 _____ C:\windows\Tasks\FreeFileViewerUpdateChecker.job
2018-06-19 06:17 - 2011-10-06 00:08 - 000000007 _____ C:\windows\system32\ANIWZCSUSERNAME{DFD29AFC-4966-4800-9940-D36BB08AF495}
2018-06-19 06:17 - 2009-07-13 21:53 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-06-18 18:25 - 2014-11-16 12:16 - 000000000 ____D C:\windows\Minidump
2018-06-18 09:24 - 2016-03-21 09:15 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\Opera Software
2018-06-18 06:34 - 2017-06-10 06:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-18 06:34 - 2015-08-18 13:44 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-06-18 06:32 - 2016-11-06 21:29 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\BitTorrent
2018-06-18 06:16 - 2011-12-03 20:04 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\vlc
2018-06-18 06:09 - 2009-12-26 23:02 - 000000000 ____D C:\Users\ptichun
2018-06-18 05:58 - 2009-12-26 12:34 - 000000000 ____D C:\Program Files\Google
2018-06-17 23:24 - 2009-07-13 19:37 - 000000000 ____D C:\windows\rescache
2018-06-17 21:51 - 2009-12-26 12:21 - 000730532 _____ C:\windows\system32\PerfStringBackup.INI
2018-06-14 15:04 - 2016-10-07 11:57 - 000000000 ____D C:\Users\ptichun\Documents\My Scans
2018-06-14 14:38 - 2018-03-30 14:16 - 000000000 ____D C:\Users\ptichun\AppData\LocalLow\BitTorrent
2018-06-14 03:20 - 2013-07-10 10:59 - 000000000 ____D C:\windows\system32\MRT
2018-06-14 03:09 - 2017-10-11 22:52 - 130354992 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-06-14 03:09 - 2009-12-28 02:55 - 130354992 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-06-13 12:56 - 2016-11-06 21:31 - 000000887 _____ C:\Users\ptichun\Desktop\BitTorrent.lnk
2018-06-13 12:56 - 2016-11-06 21:31 - 000000867 _____ C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-06-13 09:53 - 2015-05-03 11:39 - 000000000 ____D C:\Users\ptichun\Documents\My Filehippo Downloads
2018-06-13 06:47 - 2015-02-15 23:34 - 000846848 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2018-06-13 06:47 - 2015-02-15 23:34 - 000175616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2018-06-13 06:47 - 2009-12-26 12:29 - 000000000 ____D C:\windows\system32\Macromed
2018-06-13 06:40 - 2013-02-21 16:56 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-13 06:40 - 2013-02-21 16:56 - 000002100 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-07 14:28 - 2016-11-06 20:40 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-07 12:35 - 2015-06-11 13:14 - 000000000 ____D C:\Program Files\Dropbox
2018-06-03 12:38 - 2011-12-03 19:53 - 000000999 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-03 09:07 - 2016-09-14 09:42 - 000000000 ____D C:\Program Files\iPod

==================== Files in the root of some directories =======

2016-11-06 20:26 - 2016-11-06 20:28 - 007299584 _____ () C:\Users\ptichun\AppData\Roaming\agent.dat
2011-10-05 23:44 - 2011-10-05 23:44 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{BCB7DA77-C4C7-49FD-A240-0ABA917BDB77}.ini
2013-03-25 05:02 - 2015-01-27 19:35 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{DFD29AFC-4966-4800-9940-D36BB08AF495}.ini
2011-10-06 00:09 - 2015-07-19 19:24 - 000003284 _____ () C:\Users\ptichun\AppData\Roaming\ANIWZCS{DFD29AFC-4966-4800-9940-D36BB08AF495}
2018-06-18 09:21 - 2018-06-18 16:55 - 000082432 _____ (ahjqtbs) C:\Users\ptichun\AppData\Roaming\command.dll
2016-11-06 20:24 - 2016-11-06 20:24 - 000140288 _____ () C:\Users\ptichun\AppData\Roaming\Installer.dat
2016-11-06 20:26 - 2016-11-06 20:28 - 000018432 _____ () C:\Users\ptichun\AppData\Roaming\Main.dat
2014-11-20 23:07 - 2015-02-08 11:08 - 000000194 _____ () C:\Users\ptichun\AppData\Roaming\WB.CFG
2010-05-15 12:16 - 2010-05-15 12:16 - 000000000 _____ () C:\Users\ptichun\AppData\Roaming\wklnhst.dat
2011-04-02 19:17 - 2011-04-02 19:17 - 000001550 ___SH () C:\Users\ptichun\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
2015-09-27 09:08 - 2015-11-15 20:47 - 000183255 _____ () C:\Users\ptichun\AppData\Local\ars.cache
2015-09-27 09:08 - 2015-11-15 20:47 - 000441317 _____ () C:\Users\ptichun\AppData\Local\census.cache
2012-02-29 23:04 - 2018-04-18 16:03 - 000010240 _____ () C:\Users\ptichun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-22 12:29 - 2014-12-17 01:07 - 000000001 _____ () C:\Users\ptichun\AppData\Local\DSI.DAT
2015-09-26 09:40 - 2015-09-26 09:40 - 000000036 _____ () C:\Users\ptichun\AppData\Local\housecall.guid.cache
2011-01-21 12:27 - 2011-01-21 12:27 - 000004096 ____H () C:\Users\ptichun\AppData\Local\keyfile3.drm
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Users\ptichun\AppData\Local\Latham.exe
2011-09-04 02:02 - 2011-09-04 02:02 - 000000000 _____ () C:\Users\ptichun\AppData\Local\Pnumog.bin
2011-09-04 02:02 - 2011-09-04 02:02 - 000000120 _____ () C:\Users\ptichun\AppData\Local\Pyegoxired.dat
2011-04-02 19:17 - 2011-04-02 19:17 - 000114688 ___SH (Microsoft Corporation) C:\Users\ptichun\AppData\Local\qgp.exe
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Users\ptichun\AppData\Local\Quayside.exe
2015-09-27 09:05 - 2015-11-15 20:43 - 000000010 _____ () C:\Users\ptichun\AppData\Local\sponge.last.runtime.cache
2015-11-05 23:05 - 2015-11-05 23:06 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{3862AE44-B056-4D19-A9AE-2CE1126EBDB3}
2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{5AFA009C-BEA2-4175-AE4B-623C88EDD3C3}
2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{92397A79-A984-49F7-9392-161E9112C5B5}

Files to move or delete:
====================
C:\Program Files\Google\Chrome\Application\winhttp.dll

Some files in TEMP:
====================
2018-06-18 06:03 - 2018-06-18 06:03 - 001537784 _____ (BANANA SUMMER LIMITED) C:\Users\ptichun\AppData\Local\Temp\1529327006RlVtmpdown.exe
2018-06-18 07:30 - 2018-06-18 07:30 - 001537784 _____ (BANANA SUMMER LIMITED) C:\Users\ptichun\AppData\Local\Temp\1529332116RlVtmpdown.exe
2018-06-18 18:44 - 2018-06-18 18:45 - 001537784 _____ (BANANA SUMMER LIMITED) C:\Users\ptichun\AppData\Local\Temp\1529372696RlVtmpdown.exe
2018-06-18 05:57 - 2018-06-18 05:57 - 000920448 _____ () C:\Users\ptichun\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2018-06-18 05:57 - 2018-06-18 05:57 - 000450370 _____ (Chi5 ) C:\Users\ptichun\AppData\Local\Temp\global_installer.exe
2018-06-18 05:58 - 2018-06-18 05:58 - 000768253 _____ (qwVbBgK7gezpge4ICzVj ) C:\Users\ptichun\AppData\Local\Temp\installer.exe
2017-04-23 18:47 - 2017-04-23 18:47 - 000739904 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-19 14:45 - 2017-07-19 14:45 - 000739904 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-10-20 18:37 - 2017-10-20 18:37 - 001856576 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-01-27 10:53 - 2018-01-27 10:53 - 001864256 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-19 16:54 - 2018-04-19 16:54 - 001884616 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-02-26 23:14 - 2018-02-26 23:22 - 081400536 _____ (KeepVid Studio ) C:\Users\ptichun\AppData\Local\Temp\keepvid-pro_full2578.exe
2018-06-19 07:04 - 2007-02-15 08:59 - 000308832 ____H (CANON INC.) C:\Users\ptichun\AppData\Local\Temp\Maint000.exe
2018-06-18 06:02 - 2018-06-18 06:02 - 000375522 _____ ( ) C:\Users\ptichun\AppData\Local\Temp\q2i3mrcvzix.exe
2018-04-10 20:30 - 2018-04-10 20:31 - 058834376 _____ (Skype Technologies S.A.) C:\Users\ptichun\AppData\Local\Temp\SkypeSetup.exe
2018-06-19 07:06 - 2007-05-14 09:01 - 000116328 _____ (CANON INC.) C:\Users\ptichun\AppData\Local\Temp\uninst.exe
2018-06-19 07:03 - 2007-01-05 17:10 - 000239200 ____R () C:\Users\ptichun\AppData\Local\Temp\uninstall.exe
2017-03-16 08:16 - 2017-03-16 08:17 - 014456872 _____ (Microsoft Corporation) C:\Users\ptichun\AppData\Local\Temp\vc_redist.x86.exe
2018-01-25 18:00 - 2018-01-25 18:00 - 000057346 _____ () C:\Users\ptichun\AppData\Local\Temp\{A126DDAB-F8EE-4019-8417-3D0F1A7B0149}-DropboxClient_42.4.114.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-17 23:15

==================== End of FRST.txt ============================
 
#6 ·
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19.06.2018
Ran by ptichun (19-06-2018 14:26:24)
Running from C:\Users\ptichun\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-12-27 06:01:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2101005229-1017427555-4036206314-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2101005229-1017427555-4036206314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2101005229-1017427555-4036206314-1002 - Limited - Enabled)
ptichun (S-1-5-21-2101005229-1017427555-4036206314-1000 - Administrator - Enabled) => C:\Users\ptichun

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Aimersoft Helper Compact 2.5.2 (HKLM\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Apple Application Support (32-bit) (HKLM\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9055C0A-F9F9-4EE1-8554-80BEBA0B43F4}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\BitTorrent) (Version: 7.10.3.44429 - BitTorrent Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.255 - DivX, LLC)
Dropbox (HKLM\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Free CDA To MP3 Converter (HKLM\...\{B633C3BA-23BE-45E8-BF8B-9749FCBFA340}}_is1) (Version: 1.0.0.0 - Convert Audio Free)
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
FreeRIP MP3 Converter 5.5.0.2 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.5.0.2 - GreenTree Applications SRL)
GoldWave v5.70 (HKLM\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{FAF5F9DA-73F2-4BF3-8268-E45AAC42B533}) (Version: 7.5.0.34 - Apple Inc.)
Impaq Speed (HKLM\...\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}) (Version: 1.0.3.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
iTunes (HKLM\...\{A0274977-870A-42EA-ACB8-E1AAFECB3855}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 172 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
KeepVid Pro(Build 7.1.2.1) (HKLM\...\KeepVid Pro_is1) (Version: 7.1.2.1 - KeepVid Studio)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0 (x86 en-US) (HKLM\...\Mozilla Firefox 61.0 (x86 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.0.6739 - Mozilla)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.41 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
Unity Web Player (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\ptichun\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-10-23] (Microsoft Corporation)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-05-23] (Apple Inc.)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-10-23] (Microsoft Corporation)
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-10-23] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers1_S-1-5-21-2101005229-1017427555-4036206314-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2101005229-1017427555-4036206314-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2101005229-1017427555-4036206314-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1070FA7D-D445-418E-B922-72AC5D65DB13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {1346CA0C-CC23-4B72-B3CD-B0EFCBA1FC74} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-05] (AVAST Software)
Task: {165F9D15-9CEC-4C98-80D5-CF5C9A4C0804} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {1AB0D5FD-9EC3-477C-9CC7-B7D4E9D13831} - System32\Tasks\{5D89B307-EDE2-4951-BD60-166E17D3AF2E} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {1DBA5D4C-29D8-42C9-8E2F-042A4D96D32D} - System32\Tasks\{AC862A04-40D6-4C73-97C2-21F65B9B2497} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {22B4AC95-006A-47F3-A56C-1D295ABFDABE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {257D7536-8D4E-4EC7-943C-649D6C8A41A5} - System32\Tasks\{CA68FBC6-1B51-44AA-80FD-2FEF85442571} => C:\windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Trioflex\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Trioflex\uninstall.dat" -a uninstallme 6A5B1B25-62DB-4563-A778-A94EA7139FD4 DeviceId=85946c09-325a-60e2-2064-214b59f2edab BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {29415BBD-E024-4DF4-971F-8CC1F3523306} - System32\Tasks\rivalingrivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
Task: {2FE78412-A181-4842-A8D3-0A7E1058146A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {3B5418DF-29DB-4059-B277-1D0826F86CE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {3C836C34-7A58-47A6-BAC4-490B76105B68} - System32\Tasks\{50657BB7-E80B-4115-BBA3-D996EA7E6029} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {3D3DC4DD-752F-40D1-83D4-781DBE763F42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C} - System32\Tasks\FastDataX Task => C:\PROGRA~1\FASTDA~1\FASTDA~1.EXE
Task: {4CC0CDE3-9EA9-4341-8A89-F0721523D448} - System32\Tasks\{E07346AA-9B32-4523-A9EA-1BD45BF71D2D} => "c:\program files\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {4DF1AC09-F5DB-494A-95EC-AC233B237157} - System32\Tasks\{8C626080-7FFC-4A12-AC9D-BE0EE476C53D} => C:\Users\ptichun\AppData\Local\Ubisoft\The Settlers Online\nw.exe
Task: {55DB6796-D81F-4D12-B9D4-8B67DA45DD13} - System32\Tasks\{0029A57E-F760-48FA-802F-78B0B84C0CAC} => "c:\program files\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {5CB45FE8-F96B-4E51-A73D-19422B99F2A0} - System32\Tasks\hereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
Task: {6605221F-B551-4745-950B-73C5C88C38A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {67357DE5-CB82-4735-886E-11D3067DD671} - System32\Tasks\gobsgobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
Task: {74867C31-8CF7-4CF0-A6B5-16539C311965} - System32\Tasks\swindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
Task: {762862D4-B57D-4178-A89F-8680DF2DAEAB} - System32\Tasks\analogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
Task: {85607212-AD9C-4CB9-BB31-7076F0FD9D44} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {877F6332-03CF-4A40-B390-8E0D65852BC8} - System32\Tasks\{17AA3959-20AD-4084-A48F-83BD0402FBA0} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {882F4CC5-109E-4A0C-AD0C-468269C35C9B} - System32\Tasks\dastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
Task: {92145C90-0F1A-4BB7-9A50-1F15F1E63384} - System32\Tasks\{B312BCDD-603F-4AD9-80AF-373EE41CBAFC} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {9DBBA833-D776-4F27-B8D9-AE67BDB17CC4} - System32\Tasks\{83A38A21-17D0-4618-9CFA-00C4D6DE7FDC} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {A23DDECB-365E-4BFF-BFAD-C1ABB20E3313} - System32\Tasks\analogs refuges teagleanalogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
Task: {AA79F2C4-C549-42EC-AA1C-204485F145A5} - System32\Tasks\{BF265605-086D-4482-AB78-3EF88BB2D2F5} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {AB2C4846-AB1D-4650-A77E-B9E0B1B62ABA} - System32\Tasks\{2D71181B-7CA4-4EBD-A63F-6B5C3122D48C} => C:\windows\system32\pcalua.exe -a C:\Users\ptichun\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {AC1F53B6-F7A2-4F7A-90FD-CFEC6C924700} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {ACB8185B-EEE8-4FD0-8784-B34D731704B0} - System32\Tasks\swindle cuspswindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
Task: {ACCF0087-55A6-4BD4-83D9-8FE17CD5E0D3} - System32\Tasks\bridesmaids-kepbridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
Task: {AEE33D35-A8BD-4090-9E49-BBFDDDCAD990} - System32\Tasks\{ED177097-B70A-4B0F-9051-4DA7833E365C} => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [2015-09-02] ()
Task: {B6D8396F-4F20-40C4-AB7F-4EFDF3B65C6C} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-06-14] (DivX, LLC)
Task: {BE9F58A7-E3FB-472A-8A14-7330306252B1} - System32\Tasks\dastardly_arbitragedastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
Task: {C28041AA-B571-46D8-A201-E27926C02F26} - System32\Tasks\hereafter_lobhereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
Task: {C3CFAE26-386D-4E74-8C1D-2174A477A639} - System32\Tasks\rivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
Task: {C831D44E-71AE-441A-810C-1DD78E21502B} - System32\Tasks\repertoiresrepertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
Task: {DEC0B544-75CA-409E-9430-D9804C5D8C86} - System32\Tasks\{907E8093-FE8D-418F-8045-769AF23EF5E5} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {E026396D-6587-4B7B-A9EA-394E079C5F5C} - System32\Tasks\repertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
Task: {E7804E13-2C25-434C-91AA-77F568488644} - System32\Tasks\gobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
Task: {EBDC4BAA-2978-44F5-8552-8928462F08DD} - \Palikan midar -> No File <==== ATTENTION
Task: {F322950B-4458-43CE-8E8D-29BFCEC36CF9} - System32\Tasks\bridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
Task: {F42E37B7-F9A2-4DEB-8B3F-00FF31EDBAE5} - System32\Tasks\{7D07CB32-6F90-4071-80A3-570BA974DF71} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1618

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-05-15 18:59 - 2018-05-15 18:59 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-10-06 00:08 - 2011-10-06 00:08 - 000315392 _____ () C:\Program Files\D-Link\DWA-125 revA\ANPDApi.dll
2011-10-06 00:08 - 2009-10-19 18:59 - 000274432 _____ () C:\Program Files\D-Link\DWA-125 revA\WlanApp.dll
2011-10-06 00:08 - 2009-07-07 19:49 - 000040960 _____ () C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
2018-06-07 12:32 - 2018-06-04 03:18 - 001107272 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2018-06-07 12:32 - 2018-06-04 03:18 - 002079048 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2018-06-07 12:33 - 2018-06-04 03:21 - 000106816 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000025408 _____ () C:\Program Files\Dropbox\Client\select.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000020808 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000042312 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000700736 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000021856 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000137032 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 001845600 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000022880 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000123200 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2018-06-07 12:32 - 2018-06-04 03:20 - 000112448 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000063312 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000031040 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000077120 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000399168 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2018-06-07 12:33 - 2018-06-04 03:21 - 000049984 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000027456 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000131392 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000120648 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000392520 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000028000 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000030536 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2018-06-07 12:33 - 2018-06-04 03:20 - 000182080 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2018-06-07 12:33 - 2018-06-04 03:20 - 000036672 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2018-06-07 12:33 - 2018-06-04 03:20 - 000032576 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000055104 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000064320 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000023376 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000021840 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000022864 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000066400 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000025440 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000152384 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 003863880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000091448 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 001798464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 001959232 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000035136 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000155472 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000521544 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000051024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000043336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000131400 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000219984 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000204104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000067392 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000054616 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000030528 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000022880 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000022368 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000021856 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000022368 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000027496 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000355648 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2018-06-07 12:33 - 2018-06-04 03:21 - 000023904 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000025432 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-06-07 12:32 - 2018-06-04 03:18 - 000036312 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2018-06-07 12:33 - 2018-06-04 03:21 - 000021856 _____ () C:\Program Files\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000181064 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-06-07 12:33 - 2018-06-04 03:21 - 000030544 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-06-07 12:32 - 2018-06-04 03:19 - 000024384 _____ () C:\Program Files\Dropbox\Client\libEGL.DLL
2018-06-07 12:32 - 2018-06-04 03:19 - 001638208 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2018-06-07 12:33 - 2018-06-04 03:21 - 000026464 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000546632 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2018-06-07 12:32 - 2018-06-04 03:20 - 000359744 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-17 17:03 - 2017-11-17 17:03 - 000795648 _____ () C:\Program Files\DivX\DivX Media Server\avutil-55.dll
2017-11-17 17:03 - 2017-11-17 17:03 - 002242560 _____ () C:\Program Files\DivX\DivX Media Server\avformat-57.dll
2017-11-17 17:03 - 2017-11-17 17:03 - 001749504 _____ () C:\Program Files\DivX\DivX Media Server\avcodec-57.dll
2017-11-17 17:03 - 2017-11-17 17:03 - 000068096 _____ () C:\Program Files\DivX\DivX Media Server\zlib.dll
2017-11-17 17:03 - 2017-11-17 17:03 - 001947648 _____ () C:\Program Files\DivX\DivX Media Server\avfilter-6.dll
2017-11-17 17:03 - 2017-11-17 17:03 - 000789504 _____ () C:\Program Files\DivX\DivX Media Server\swscale-4.dll
2017-11-17 17:03 - 2017-11-17 17:03 - 000325632 _____ () C:\Program Files\DivX\DivX Media Server\swresample-2.dll
2017-05-25 21:02 - 2017-05-25 21:02 - 001293824 _____ () C:\Program Files\Common Files\DivX Shared\Qt5.6\libGLESv2.dll
2017-12-14 22:14 - 2016-10-08 18:03 - 001506304 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2017-12-14 22:14 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2018-05-22 22:11 - 2018-05-22 22:11 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-22 22:11 - 2018-05-22 22:11 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2018-06-18 03:38 - 2018-06-18 03:38 - 000078274 _____ () C:\Program Files\Hexagon\cans.exe
2015-09-02 04:00 - 2015-09-02 04:00 - 010566352 _____ () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files\Skype\Phone\skypert.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-06-18 03:38 - 2018-06-18 03:38 - 000044824 _____ () C:\Program Files\postural\mccarren.exe
2018-06-18 06:03 - 2018-06-18 06:03 - 001917576 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
2018-06-18 06:03 - 2018-06-18 06:03 - 083467776 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\libcef.dll
2018-06-18 06:03 - 2018-06-18 06:03 - 003723264 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\libglesv2.dll
2018-06-18 06:00 - 2018-06-18 06:00 - 000079872 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\libegl.dll
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Program Files\Groundstrokes\Quayside.exe
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Users\ptichun\AppData\Local\Latham.exe
2015-11-11 04:41 - 2015-11-11 04:41 - 000756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4C235DA4 [140]
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 [149]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com

IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-01 20:38 - 2018-06-18 06:06 - 000033749 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 www.virustotal.com
192.192.3.8 virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F58C4E7F-A20D-4314-8EE2-3353CD189FFE}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{3A26792F-D603-4F1D-8198-BFB4189E9009}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{2F1C67D4-DF90-4E08-B7D4-6AD6BC5FF6FA}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{4ED7722A-32D9-467A-91E8-56D52623C89A}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{1C5BBB73-24B4-46AB-A99D-8A01505E05DB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B2222B06-246C-40B8-BC70-E0ABDD0EFC66}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
FirewallRules: [{3AE0E1E4-8DAE-4D95-BFC5-029D1D3FD1A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{235A9551-3F1D-440C-8D8A-E8600D2EE798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04FBA004-6FF9-4861-8EE1-56EE6C9F907F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BEED8D46-A598-4741-9637-6BEF855555D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{48A8E8FB-6918-4015-B06F-C250F83F1B8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{78186ED7-EF40-48CC-8FC4-3E295B191589}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{9EE77CB6-4724-4BA3-A3C1-8FC2DBC1D840}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{03175EB7-3FEE-46DC-9547-4133DB5347CB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A09784CA-C739-4513-B524-5247F12B44C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{DFE40FDF-E2D2-4CDB-86BB-E1BCFCD84E8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{42DAA181-D573-463B-973B-C17118E8B71A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{D0CDFA5B-F776-45D6-B65E-1E3B763337F9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{044BF0BC-EE76-491E-BA53-E20B9C0F751B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{04B1CB2E-915A-42CB-B897-6EA2F1A486C9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{3228F869-1172-4646-AA30-5772ECC187FD}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{DC964890-2C91-4E3B-B989-49B349478DE8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{684C3DDA-192B-4884-AFDD-80064B631D1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{7279AD27-F293-4E92-8DB4-A387AC9EB8ED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3CD7F440-81D7-4548-BC3B-85889D00F8F3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{CDC82F41-207C-415E-B75E-CE92ECC666B4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{AD722E30-3CB1-45E6-9CA5-85DA5C62B7D3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5540A555-338F-4820-8BE9-B05B87552457}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{1E7851FF-D141-4821-9523-C79E8AB3E76B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DB475606-1703-47BF-8A0D-49C8528DA15A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{5E9F43A6-040E-451E-AEDC-1CB40FFC8C49}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{6A0B4ADB-A2D1-4B10-B55D-3771B0B635B9}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{04234296-B683-48C0-A326-8EF6737D5EB7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{C5224D0A-E0F3-4D7D-96E8-60C5ABC6547D}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{C8BE59A2-F315-45B7-831B-609E510C457D}] => (Allow) C:\Program Files\Veetle\Player\VeetleNet.exe
FirewallRules: [{D608F237-43C7-4895-A595-6B17A9A0063C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D8A89442-BE6E-46EB-A6C1-510BB93FAF0B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A893AAA-EF46-411D-BC07-438304246DAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD65711D-B783-4387-9A27-FED1DA3989CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9354B2C-CCCA-4F2C-BF99-2FE9B4AADDEF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A63527C-770A-4AC3-BCE3-21EC837FD94D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{730932D4-3E39-4276-BDF2-5EE517A0CC2D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{03F0A29A-3B36-452F-9432-3CDDFC555603}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E70ED5F2-58F0-4326-B02A-82BA05E41DF6}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{851BEE00-CF9A-4D13-8103-D727716A94DA}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4FCC4FCC-F298-42A9-B317-55CF7986E497}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{286CE097-A396-4AB9-B77C-D1DA27EBCAA8}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{35B57A6A-F55D-48D8-A0B5-F6FD052AB38D}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1A70C3FF-9B63-4885-98E4-4931769A5F13}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
FirewallRules: [UDP Query User{BB40DAA9-CF7B-435C-AC6F-50964B50AB51}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
FirewallRules: [TCP Query User{273DCA66-8832-4A79-8D20-89EFAEC4A0DA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{758A20DA-50AB-4FF7-BC5C-8F3FD63A72AB}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7777DD37-6752-42EC-84A9-18D9AB57E056}] => (Allow) C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [TCP Query User{60ED8360-6B76-4086-B538-1D44623A493A}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{C3D60C63-4B57-4C80-B791-FA0E65523CF5}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{774A6AF2-B065-4230-B394-0B1C84B05451}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{986D79ED-557C-4624-8111-63BAC192F35F}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe
FirewallRules: [{BFEC80C0-BFA1-43BD-AD0B-372E812A7575}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3149A7D8-5F59-45E4-B6F7-198ED9FFAD91}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4A84E385-68D1-4B63-A44A-E5B0EEACB422}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{0E55C1BD-C9F2-45CF-8688-E09FF1EE9D05}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{EBCBCEA2-B0A5-474A-B60C-03EFB408AFD5}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5A5AE529-C631-4D4F-8061-E6596F7494B4}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{60152734-99A4-49A7-A24D-AA050D415BBC}] => (Allow) C:\Program Files\Dissatisfied\Latham.exe
FirewallRules: [{7C427782-67AA-46FC-98C4-52938688D051}] => (Allow) C:\Program Files\Groundstrokes\Latham.exe
FirewallRules: [{B88E0081-D72B-4FEA-A0D9-83C6B259376B}] => (Allow) C:\Program Files\schelling\Quayside.exe
FirewallRules: [{D71C866B-2F4F-4849-BEAA-1246272E8D54}] => (Allow) C:\Program Files\Groundstrokes\Quayside.exe

==================== Restore Points =========================

07-06-2018 12:39:29 Windows Update
11-06-2018 08:49:53 Windows Update
14-06-2018 03:00:21 Windows Update
17-06-2018 14:34:44 Windows Update
19-06-2018 06:27:08 Removed WinZip 22.0.
19-06-2018 06:53:20 Microsoft Antimalware Checkpoint

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2018 06:48:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 235c

Start Time: 01d407d4178bb72b

Termination Time: 119

Application Path: C:\Program Files\Dissatisfied\Latham.exe

Report Id: 68fa4964-73c7-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:48:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Quayside.exe version 1.5.7.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c50

Start Time: 01d407d248d7feee

Termination Time: 0

Application Path: C:\Program Files\Groundstrokes\Quayside.exe

Report Id: 57846d31-73c7-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 196c

Start Time: 01d407d3da2be8ec

Termination Time: 34

Application Path: C:\Program Files\Dissatisfied\Latham.exe

Report Id: 50552df3-73c7-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:47:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1700

Start Time: 01d407d3f47b864c

Termination Time: 175

Application Path: C:\Program Files\Dissatisfied\Latham.exe

Report Id: 43470223-73c7-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:46:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f88

Start Time: 01d407d256b8c013

Termination Time: 0

Application Path: C:\Users\ptichun\AppData\Local\Latham.exe

Report Id: 99f7c51d-73c6-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:46:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10ec

Start Time: 01d407d036d5a8ee

Termination Time: 10322

Application Path: C:\Program Files\Dissatisfied\Latham.exe

Report Id: 103af06a-73c7-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:44:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Quayside.exe version 1.5.7.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d3c

Start Time: 01d407d223257b00

Termination Time: 395

Application Path: C:\Program Files\schelling\Quayside.exe

Report Id: c5882429-73c6-11e8-b0e0-002622ebfd92

Error: (06/19/2018 06:43:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Quayside.exe version 1.5.7.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b60

Start Time: 01d407d250c27a9a

Termination Time: 8870

Application Path: C:\Program Files\schelling\Quayside.exe

Report Id: b68bdcbd-73c6-11e8-b0e0-002622ebfd92

System errors:
=============
Error: (06/19/2018 07:39:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.269.1570.0).

Error: (06/19/2018 07:34:56 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.269.1570.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.14901.4

Error code: 0x80070643

Error description: Fatal error during installation.

Error: (06/19/2018 06:26:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/19/2018 06:21:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (06/19/2018 06:21:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/19/2018 06:20:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The saiyi technology limit service terminated unexpectedly. It has done this 1 time(s).

Error: (06/19/2018 06:18:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
netfilter2

Error: (06/19/2018 06:05:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================

Date: 2014-07-17 13:20:48.740
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:48.484
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:48.247
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:47.945
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:47.603
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:47.179
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:46.779
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-17 13:20:46.579
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 75%
Total physical RAM: 2908.64 MB
Available physical RAM: 727.12 MB
Total Virtual: 5815.63 MB
Available Virtual: 1778.99 MB

==================== Drives ================================

Drive c: (S3A8047D003) (Fixed) (Total:434.43 GB) (Free:21.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:191.54 GB) NTFS

\\?\Volume{20840fd0-f251-11de-9706-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 0A2C9096)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=434.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.2 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=10.7 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 00038A56)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#7 ·
Hello ptichun :)

P2P Advisory!
IMPORTANT
There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

As long as you have the P2P program(s) installed, I will offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and I will mark this thread New so you can wait for another helper. Otherwise, there are instructions for removing it in the next step.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

If you would like to continue receiving help, please complete the following steps:

Step one...

Uninstall Programs
  • Click on Start.
  • Enter appwiz.cpl into the Search programs and files text box and press Enter.
  • Locate the following programs:
    BitTorrent
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.
Step two...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Step three...

MGA Diagnostic Tool
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run as administrator.
  • Click on Continue to run the scan.
  • Once the scan is finished click Copy to copy the results. Paste them in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Confirmation that you removed any P2P software from your computer
  • ckfiles.txt
  • MGADiag report
  • Are there any changes in computer behavior?
 
#8 · (Edited)
Hello,
1. I have removed P2P software (bittorrent).

2.
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\cracked.py
c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\cracked.pyc
c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\crackle.py
c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\crackle.pyc
c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\ws_extractor\crackle.py
c:\users\ptichun\music\leftover_crack-shoot_the_kids_at_school-2001_160k\00-leftover_crack-shoot_the_kids_at_school-2001.sfv
c:\users\ptichun\music\ruts - the crack\desktop.ini
c:\users\ptichun\music\ruts - the crack\thumbs.db
scanner sequence 3.DD.11.KOAPHZ
----- EOF -----

3. MGA Diag report is below:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {E6FCABF4-3544-46E2-8FF3-7B683674E831}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_ldr_escrow.180528-1700
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E6FCABF4-3544-46E2-8FF3-7B683674E831}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-2101005229-1017427555-4036206314</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L500</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.10</Version><SMBIOSVersion major="2" minor="5"/><Date>20100506000000.000000+000</Date></BIOS><HWID>E9803707018400F8</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65174</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800057-02-1033-7600.0000-2322009
Installation ID: 007423778012396696249695318685259070098556041196088036
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: W8DQG
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 19/06/2018 10:25:10 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:3:2018 09:48
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAIAAAABAAAABAABAAEAeqjohFRo2np6iwi4bFrM4Y6MfHAzZ1H0Rso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP TOSCPL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC TOSCPL TOSCPL00
OSFR TOSHIB A+2nd ID
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT
 
#9 ·
Hello ptichun :)

Cracked/Illegal Software Warning

Your computer has a cracked copy of Microsoft Office 2007 installed. Not only is cracked software stealing and therefore illegal, it is also a great way to get infected. Please remove all cracked or otherwise illegal software on your computer before we proceed.

Source: Software Cracks: A Great Way to Infect Your PC

Please confirm that you have removed all cracked software from your computer.

Regards,
capnkrunch
 
#10 ·
Hi capnkrunch

I understand what you are saying in the above reply to my post. But I need help on removing cracked software. How do I know which software is cracked???? What would you like me to do??? Please help with this computer.

Regards,
ptichun
 
#11 ·
Hello ptichun :)

By cracked software, I mean any paid software that you have installed but not paid for. For example, your copy of Microsoft Office is clearly pirated and needs to be uninstalled before we continue.

Regards,
capnkrunch
 
#13 ·
Hello ptichun :)

We'll remove it in a FRST fix later. For now, let's continue.

Step one...

FRST Fix
  • You should still have FRST.exe in your Downloads folder. If not please download it HERE.
  • Right click on FRST.exe and select Run as administrator.
  • Press CTRL + Y (the Control and Y keys at the same time). A blank file named fixlist.txt will open.
  • Copy and paste the following into it (do not include the word Code:).
    Code:
    CreateRestorePoint:
    Impaq Speed (HKLM\...\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}) (Version: 1.0.3.0 - Melasys LLC) Hidden
    Impaq Speed (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
    VirusTotal: C:\Program Files\Hexagon\cans.exe;C:\Program Files\postural\mccarren.exe;C:\Program Files\Groundstrokes\Quayside.exe;C:\Users\ptichun\AppData\Local\Latham.exe;C:\Program Files\Mozilla Firefox\firefoxJu.exe;C:\Program Files\Dissatisfied\Latham.exe;C:\Program Files\schelling\Quayside.exe;C:\windows\grail.exe;C:\Program Files\obo\obo.exe
    Folder: C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
    Folder: C:\Program Files\NCWS1MPIV7
    Folder: C:\windows\b8998883
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save the file by clicking File -> Save.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Downloads folder where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step two...

AdwCleaner - Scan Only
  • Please download AdwCleaner by Malwarebytes and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Do not attempt to clean anything at this point.
  • Click on the Logfile button.
  • This will open a file, AdwCleaner[Sx].txt (where x is the number of times it has been run). Copy and paste the contents of that logfile in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • fixlog.txt
  • AdwCleaner[Sx].txt
  • Are there any changes in computer behavior?
 
#14 ·
Fix result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by ptichun (21-06-2018 14:56:15) Run:1
Running from C:\Users\ptichun\Downloads
Loaded Profiles: ptichun (Available Profiles: ptichun & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
Impaq Speed (HKLM\...\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}) (Version: 1.0.3.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
VirusTotal: C:\Program Files\Hexagon\cans.exe;C:\Program Files\postural\mccarren.exe;C:\Program Files\Groundstrokes\Quayside.exe;C:\Users\ptichun\AppData\Local\Latham.exe;C:\Program Files\Mozilla Firefox\firefoxJu.exe;C:\Program Files\Dissatisfied\Latham.exe;C:\Program Files\schelling\Quayside.exe;C:\windows\grail.exe;C:\Program Files\obo\obo.exe
Folder: C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
Folder: C:\Program Files\NCWS1MPIV7
Folder: C:\windows\b8998883
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}\\SystemComponent" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}\\SystemComponent" => removed successfully.
VirusTotal: C:\Program Files\Hexagon\cans.exe => (3) Error
VirusTotal: C:\Program Files\postural\mccarren.exe => (3) Error
VirusTotal: C:\Program Files\Groundstrokes\Quayside.exe => (3) Error
VirusTotal: C:\Users\ptichun\AppData\Local\Latham.exe => (3) Error
VirusTotal: C:\Program Files\Mozilla Firefox\firefoxJu.exe => (3) Error
VirusTotal: C:\Program Files\Dissatisfied\Latham.exe => (3) Error
VirusTotal: C:\Program Files\schelling\Quayside.exe => (3) Error
VirusTotal: C:\windows\grail.exe => (3) Error
VirusTotal: C:\Program Files\obo\obo.exe => (3) Error

========================= Folder: C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0 ========================

====== End of Folder: ======

========================= Folder: C:\Program Files\NCWS1MPIV7 ========================

2018-06-18 18:45 - 2018-06-18 18:45 - 000000038 ____A [D836B45425E99F522EF79FD0DCCB8283] () C:\Program Files\NCWS1MPIV7\cast.config
2018-06-18 18:45 - 2018-06-18 18:45 - 000001810 ____A [A2EBF843442988EE2D667E9C7FC28CE1] () C:\Program Files\NCWS1MPIV7\E8FF9SNMI.exe.config
2018-06-18 18:45 - 2018-06-18 18:45 - 000028672 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files\NCWS1MPIV7\uninstaller.exe
2018-06-18 18:45 - 2018-06-18 18:45 - 000001810 ____A [A2EBF843442988EE2D667E9C7FC28CE1] () C:\Program Files\NCWS1MPIV7\uninstaller.exe.config

====== End of Folder: ======

========================= Folder: C:\windows\b8998883 ========================

C:\windows\b8998883 => File

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 428597475 B
Java, Flash, Steam htmlcache => 6478 B
Windows/system/drivers => 1821342004 B
Edge => 0 B
Chrome => 102465993 B
Firefox => 395976602 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 30781266 B
ptichun => 1478925639 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:22:34 ====
 
#15 ·
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-19.4
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-21-2018
# Duration: 00:01:32
# OS: Windows 7 Home Premium
# Scanned: 41244
# Detected: 140

***** [ Services ] *****

PUP.Optional.Legacy saiyitechnology
PUP.Optional.ProxyGate pgt_svc

***** [ Folders ] *****

PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0814TB
PUP.Optional.AnonymizerGadget C:\Users\ptichun\AppData\Roaming\AGData
PUP.Optional.Conduit.A C:\Users\ptichun\AppData\Roaming\RHEng
PUP.Optional.FastDataX C:\Users\ptichun\AppData\Roaming\FastDataX
PUP.Optional.Legacy C:\Program Files\BestCleaner
PUP.Optional.Legacy C:\ProgramData\yahoochrome_D
PUP.Optional.Legacy C:\Program Files\AnonymizerGadget
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\Administrator\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\ptichun\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\Administrator\AppData\Roaming\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\ptichun\AppData\Local\StormFall
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.OneSystemCare C:\Users\ptichun\AppData\Roaming\OneSystemCare
PUP.Optional.PCCleanerPro C:\Program Files\PRO PC Cleaner
PUP.Optional.ProxyGate C:\Program Files\ProxyGate
PUP.Optional.WeatherBuddy C:\Users\ptichun\AppData\Local\ImpaqSpeed
Trojan.Agent C:\Users\ptichun\AppData\Roaming\WidModule

***** [ Files ] *****

PUP.Optional.Legacy C:\TOSTACK
PUP.Optional.Legacy C:\Users\ptichun\Downloads\SysInfo.exe
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Installer.dat
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Main.dat
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\agent.dat

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.FastDataX C:\Windows\System32\Tasks\FastDataX Task

***** [ Registry ] *****

Adware.DNSUnlocker HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Adware.ICLoader HKLM\Software\MICROSOFT\TechnologyDesktopnew
Adware.ICLoader HKLM\SOFTWARE\MICROSOFT\Speedycar
Adware.TryMedia HKLM\Software\Trymedia Systems
PUP.Adware.Heuristic HKLM\SOFTWARE\8708599B-3BBC-4B76-A14D-2FA06B5C3036
PUP.Adware.Heuristic HKCU\SOFTWARE\43AEEF6FF6F2DBBCCEDDB67AA85124CF
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7242BBD-9BA6-4C7E-9AF6-7767D7AA600}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0507080-F6ED-49BE-9C80-EAAB9F3634D}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A87AC2DB-DCFA-44FD-A089-6881BC770CB}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92B327C2-9820-4FB0-980-2290D254ACFB}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DA2428B-9133-4315-9C58-43CAF46381}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6439FBDD-3AFA-4644-AB3F-2D1B8C99FFE3}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{572B6F0E-6185-4070-B410-172D72C21D80}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1826A1CA-9B3-4C3D-8BE9-92D2541A6E80}
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mytransitguide.com
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mytransitguide.com
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.myway.com
PUP.Optional.AuslogicsDriverUpdater HKU\S-1-5-18\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater HKCU\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater HKU\.DEFAULT\Software\Auslogics
PUP.Optional.BestCleaner HKCU\Software\Microsoft\BigTime
PUP.Optional.BrowseFox HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\AtuZi
PUP.Optional.CleanMyPC HKCU\Software\Reg\Clean
PUP.Optional.CleanMyPC HKLM\Software\Reg\Clean
PUP.Optional.DiskPower HKLM\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
PUP.Optional.DolphinDeals HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Dolphin Deals
PUP.Optional.FastDataX HKCU\Software\FastDataX
PUP.Optional.FastDataX HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C}
PUP.Optional.FastDataX HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C}
PUP.Optional.FastDataX HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy HKLM\Software\Microsoft\DMunversion
PUP.Optional.Legacy HKLM\Software\pcv-var
PUP.Optional.Legacy HKCU\Software\ICSW1.23
PUP.Optional.Legacy HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy HKLM\Software\Lavasoft\Web Companion
PUP.Optional.Legacy HKCU\Software\MICROSOFT\OTUT
PUP.Optional.Legacy HKLM\Software\imalcom
PUP.Optional.Legacy HKU\S-1-5-18\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy HKU\.DEFAULT\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy HKU\S-1-5-18\Software\Yahoo\Companion
PUP.Optional.Legacy HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy HKU\.DEFAULT\Software\Yahoo\Companion
PUP.Optional.Legacy HKLM\Software\Yahoo\Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\vShare
PUP.Optional.Legacy HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
PUP.Optional.Legacy HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
PUP.Optional.Legacy HKCU\Software\Bitberry
PUP.Optional.Legacy HKCU\Software\APN PIP
PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
PUP.Optional.Legacy HKCU\Software\Classes\Applications\interstatnogui.exe
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{82443621-A29A-473E-8335-F5C958A7A4CA}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{2C09954F-CDA8-4BD1-8794-1D543E050378}
PUP.Optional.Legacy HKLM\Software\Classes\Sample.YTBPartnerSample
PUP.Optional.Legacy HKLM\Software\Classes\Sample.BrowserHandler
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\imgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akz.imgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
PUP.Optional.Linkury HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
PUP.Optional.OneSystemCare HKCU\Software\One System Care
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.RRSavings HKLM\Software\RrFilter
PUP.Optional.Tuto4PC HKCU\Software\MICROSOFT\wewewe
PUP.Optional.WeatherAlerts HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\PrIncub
PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\MPrForShutT
PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\PrAmNP
PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\NSaveA
PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\APreSam
PUP.Optional.WeatherBuddy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ImpaqSpeed
PUP.Optional.WeatherBuddy HKCU\Software\Melasys LLC
PUP.Optional.WeatherBuddy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.BrowserHunt Browser Hunt SafeFinder
PUP.Optional.MountainBrowse Mountain Browse

***** [ Chromium URLs ] *****

PUP.Optional.Legacy http://feed.helperbar.com/?p=mKO_Aw...rxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
PUP.Optional.Legacy WebSearch
PUP.Optional.Legacy Ask

***** [ Firefox (and derivatives) ] *****

PUP.Optional.BrowseToSave SaveFrom.net helper

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
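
Added example, not part of the original thread and not AdwCleaner's own code: the helper asks for each posted log to be checked for truncation, and this Python script does that for a scan log in the format shown above, then tallies the detections. Using the header's `Detected` count and the EOF marker as a completeness check, and listing families that do not start with `PUP.` first, are assumptions of this example; the sample log and every name in it are constructed.

```python
import re
from collections import Counter

# Patterns for the AdwCleaner scan-log layout shown in the post above.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Folders ] *****
HEADER_RE = re.compile(r"^# (\w[\w ]*?):\s*(.*)$")      # # Detected: 140
EOF_RE = re.compile(r"^#+ EOF - (.+?) #+$")             # ########## EOF - path ##########


def parse_adwcleaner_log(text):
    """Return (header dict, [(section, family, target), ...], eof_seen)."""
    header, detections = {}, []
    section, eof_seen = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if EOF_RE.match(line):
            eof_seen = True
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("#"):
            # "# Key: value" lines before the first section form the header.
            m = HEADER_RE.match(line)
            if m and section is None:
                header[m.group(1)] = m.group(2)
            continue
        if section is None or line.startswith("No malicious"):
            continue  # stray text, or an empty section's placeholder line
        family, _, target = line.partition(" ")
        detections.append((section, family, target.strip()))
    return header, detections, eof_seen


def check_log(text):
    """List reasons to believe the pasted log is incomplete (empty list = OK)."""
    header, detections, eof_seen = parse_adwcleaner_log(text)
    problems = []
    if not eof_seen:
        problems.append("missing EOF marker")
    declared = header.get("Detected")
    if declared is None or not declared.isdigit():
        problems.append("no usable 'Detected' count in header")
    elif int(declared) != len(detections):
        problems.append(
            f"header declares {declared} detections, {len(detections)} listed")
    return problems


def summarize(detections):
    """Counts per section and per family, plus non-PUP items for first review."""
    by_section = Counter(s for s, _, _ in detections)
    by_family = Counter(f for _, f, _ in detections)
    # Assumption of this example: anything not labelled PUP.* is looked at first.
    priority = [d for d in detections if not d[1].startswith("PUP.")]
    return by_section, by_family, priority


# Constructed sample log (same layout as the post above, invented entries).
SAMPLE_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Mode: Scan
# Detected: 5

***** [ Services ] *****

PUP.Optional.ExampleA example_svc

***** [ Folders ] *****

PUP.Optional.ExampleA C:\Program Files\ExampleA
Trojan.Example C:\Users\user\AppData\Roaming\ExampleDir

***** [ DLL ] *****

No malicious DLLs found.

***** [ Registry ] *****

Adware.Example HKLM\Software\ExampleVendor
PUP.Optional.ExampleB HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ExampleB

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

# The same log as a forum size limit might leave it: cut off mid-section.
TRUNCATED_LOG = SAMPLE_LOG.split("Trojan.Example")[0]

if __name__ == "__main__":
    for name, log in (("full", SAMPLE_LOG), ("truncated", TRUNCATED_LOG)):
        print(name, "->", check_log(log) or "complete")
    sections, families, priority = summarize(parse_adwcleaner_log(SAMPLE_LOG)[1])
    print(dict(sections))
    print(dict(families))
    for item in priority:
        print("review first:", item)
```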
 
#16 ·
Hello ptichun :)

Let's start cleaning some of this junk out. Note: we will also be removing some torrented movies because I suspect they contributed to your infection.

Step one...

Uninstall Programs
  • Click on Start.
  • Enter appwiz.cpl into the Search programs and files text box and press Enter.
  • Locate the following programs:
    Free CDA To MP3 Converter
    Free File Viewer 2014
    FreeRIP MP3 Converter 5.5.0.2
    Impaq Speed
    McAfee Security Scan Plus
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step two...

AdwCleaner - Scan and Clean
  • You should still have adwcleaner.exe on your Desktop. If not please download it HERE.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Click on Cleaning.
  • Once finished AdwCleaner will prompt you to reboot. Please allow it to do so.
  • On reboot a log will open AdwCleaner[Cx].txt (where x is the number of times it has been run). Copy and paste the contents of that logfile in your reply.

Step three...

FRST Fix
  • You should still have FRST.exe in your Downloads folder. If not please download it HERE.
  • Right click on FRST.exe and select Run as administrator.
  • Press CTRL + Y (the Control and Y keys at the same time). A blank file named fixlist.txt will open.
  • Copy and paste the following into it (do not include the word Code:).
    Code:
    CreateRestorePoint:
    HKLM\...\Run: [Flayed] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Lentz] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Catastrophic] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Lady] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Scapegoats] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Bellotti] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Mclarty] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Cleave] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Momentum] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Featherbedding] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Harmonies] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Shucks] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [mccarren] => C:\Program Files\postural\mccarren.exe [44824 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [caper] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [ImpaqSpeed] => C:\Users\ptichun\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15774312 2018-05-21] (Melasys)
    HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\MountPoints2: {2a329238-ce02-11e0-a84e-002622ebfd92} - E:\LaunchU3.exe
    Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenville.lnk [2018-06-18]
    ShortcutTarget: greenville.lnk -> C:\Program Files\Dissatisfied\Latham.exe ()
    Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenvillegreenville.lnk [2018-06-18]
    ShortcutTarget: greenvillegreenville.lnk -> C:\Program Files\schelling\Quayside.exe ()
    BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit
    GroupPolicy: Restriction ? <==== ATTENTION
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
    CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFemqrj-rMQQYj9WvYBYE0FaarNOnhNvfXQvx34KwIzzvuTrxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFdpFkfzNnKpPJ44zANdI60m5hktFaXgRfspziMfcD_lYJ237M_pxFV-_TtqK9cHMupac8pqa-cYrPU1XsK6LW-iQYYA,,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR Extension: (Browser Hunt) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-09-11]
    CHR Extension: (Simple Finder Multi Region) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-06-18]
    CHR Extension: (System Table) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-06-18]
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) [File not signed]
    S2 pgt_svc; C:\Program Files\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
    S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop186.exe [517432 2018-05-21] (PandaViewer)
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
    ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
    ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
    Task: {22B4AC95-006A-47F3-A56C-1D295ABFDABE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
    Task: {257D7536-8D4E-4EC7-943C-649D6C8A41A5} - System32\Tasks\{CA68FBC6-1B51-44AA-80FD-2FEF85442571} => C:\windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Trioflex\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Trioflex\uninstall.dat" -a uninstallme 6A5B1B25-62DB-4563-A778-A94EA7139FD4 DeviceId=85946c09-325a-60e2-2064-214b59f2edab BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    Task: {1346CA0C-CC23-4B72-B3CD-B0EFCBA1FC74} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-05] (AVAST Software)
    Task: {29415BBD-E024-4DF4-971F-8CC1F3523306} - System32\Tasks\rivalingrivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
    Task: {3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C} - System32\Tasks\FastDataX Task => C:\PROGRA~1\FASTDA~1\FASTDA~1.EXE
    Task: {5CB45FE8-F96B-4E51-A73D-19422B99F2A0} - System32\Tasks\hereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
    Task: {67357DE5-CB82-4735-886E-11D3067DD671} - System32\Tasks\gobsgobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
    Task: {74867C31-8CF7-4CF0-A6B5-16539C311965} - System32\Tasks\swindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
    Task: {762862D4-B57D-4178-A89F-8680DF2DAEAB} - System32\Tasks\analogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
    Task: {882F4CC5-109E-4A0C-AD0C-468269C35C9B} - System32\Tasks\dastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
    Task: {A23DDECB-365E-4BFF-BFAD-C1ABB20E3313} - System32\Tasks\analogs refuges teagleanalogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
    Task: {AB2C4846-AB1D-4650-A77E-B9E0B1B62ABA} - System32\Tasks\{2D71181B-7CA4-4EBD-A63F-6B5C3122D48C} => C:\windows\system32\pcalua.exe -a C:\Users\ptichun\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
    Task: {ACB8185B-EEE8-4FD0-8784-B34D731704B0} - System32\Tasks\swindle cuspswindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
    Task: {ACCF0087-55A6-4BD4-83D9-8FE17CD5E0D3} - System32\Tasks\bridesmaids-kepbridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
    Task: {BE9F58A7-E3FB-472A-8A14-7330306252B1} - System32\Tasks\dastardly_arbitragedastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
    Task: {C28041AA-B571-46D8-A201-E27926C02F26} - System32\Tasks\hereafter_lobhereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
    Task: {C3CFAE26-386D-4E74-8C1D-2174A477A639} - System32\Tasks\rivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
    Task: {C831D44E-71AE-441A-810C-1DD78E21502B} - System32\Tasks\repertoiresrepertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
    Task: {E026396D-6587-4B7B-A9EA-394E079C5F5C} - System32\Tasks\repertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
    Task: {E7804E13-2C25-434C-91AA-77F568488644} - System32\Tasks\gobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
    Task: {EBDC4BAA-2978-44F5-8552-8928462F08DD} - \Palikan midar -> No File <==== ATTENTION
    Task: {F322950B-4458-43CE-8E8D-29BFCEC36CF9} - System32\Tasks\bridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
    Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
    IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\webcompanion.com -> hxxp://webcompanion.com
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:4C235DA4 [140]
    AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 [149]
    FirewallRules: [TCP Query User{2F1C67D4-DF90-4E08-B7D4-6AD6BC5FF6FA}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
    FirewallRules: [UDP Query User{4ED7722A-32D9-467A-91E8-56D52623C89A}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
    FirewallRules: [TCP Query User{1C5BBB73-24B4-46AB-A99D-8A01505E05DB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{B2222B06-246C-40B8-BC70-E0ABDD0EFC66}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
    FirewallRules: [{03F0A29A-3B36-452F-9432-3CDDFC555603}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E70ED5F2-58F0-4326-B02A-82BA05E41DF6}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{851BEE00-CF9A-4D13-8103-D727716A94DA}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{4FCC4FCC-F298-42A9-B317-55CF7986E497}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{286CE097-A396-4AB9-B77C-D1DA27EBCAA8}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{35B57A6A-F55D-48D8-A0B5-F6FD052AB38D}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [TCP Query User{1A70C3FF-9B63-4885-98E4-4931769A5F13}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
    FirewallRules: [UDP Query User{BB40DAA9-CF7B-435C-AC6F-50964B50AB51}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
    FirewallRules: [{7777DD37-6752-42EC-84A9-18D9AB57E056}] => (Allow) C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
    FirewallRules: [{EBCBCEA2-B0A5-474A-B60C-03EFB408AFD5}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{5A5AE529-C631-4D4F-8061-E6596F7494B4}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{60152734-99A4-49A7-A24D-AA050D415BBC}] => (Allow) C:\Program Files\Dissatisfied\Latham.exe
    FirewallRules: [{7C427782-67AA-46FC-98C4-52938688D051}] => (Allow) C:\Program Files\Groundstrokes\Latham.exe
    FirewallRules: [{B88E0081-D72B-4FEA-A0D9-83C6B259376B}] => (Allow) C:\Program Files\schelling\Quayside.exe
    FirewallRules: [{D71C866B-2F4F-4849-BEAA-1246272E8D54}] => (Allow) C:\Program Files\Groundstrokes\Quayside.exe
    2018-06-18 07:29 - 2018-06-18 07:46 - 000000000 ____D C:\Program Files\CY7UKLC70G
    2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\uf3r21up1fz
    2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\74B1NTFBRT
    2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\se4whuag0ky
    2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\f4rbsw5zee1
    2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\ZL9TZMZ5PE
    2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\M41QM9F4J5
    2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\qhtybw0wvmx
    2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\moztjnjsxyu
    2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\e32exah2ukl
    2018-06-18 06:27 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\c5koq5i2kl1
    2018-06-18 06:23 - 2018-06-18 06:23 - 000000000 ____D C:\Program Files\ZP5JQ90FKY
    2018-06-18 06:15 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AT31O40NII
    2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5k4lcptyol1
    2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3z5gjlt5qci
    2018-06-18 06:14 - 2018-06-18 06:15 - 000000000 ____D C:\Program Files\4OV5D3E3ZM
    2018-06-18 06:14 - 2018-06-18 06:14 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\spog5xmyzlf
    2018-06-18 06:07 - 2018-06-18 06:07 - 000000012 _____ C:\windows\b8998883
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\windows\grail.exe
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\Users\ptichun\AppData\Local\Quayside.exe
    2018-06-18 06:06 - 2018-06-18 06:07 - 000000000 ____D C:\Program Files\ProxyGate
    2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\postural
    2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\Groundstrokes
    2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ____D C:\Program Files\obo
    2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\schelling
    2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Hexagon
    2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Dissatisfied
    2018-06-18 06:04 - 2018-06-18 18:46 - 000000000 ____D C:\ProgramData\yahoochrome_D
    2018-06-18 06:04 - 2018-06-18 06:05 - 000000000 ____D C:\Users\ptichun\AppData\Local\Package Cache
    2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\w3bxmavwtvf
    2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Program Files\L1L39K74D5
    2018-06-18 06:02 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\0756KZBAPD
    2018-06-18 06:02 - 2018-06-18 06:43 - 000000000 ____D C:\Program Files\Multitimer
    2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\acnfk1yolmo
    2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AAAZZZ
    2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\7IYDGNJIHD
    2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\gpezmwclh54
    2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3nwf3zdl1oa
    2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\HLQVFPEM5V
    2018-06-18 06:00 - 2018-06-18 06:00 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5a55opst0te
    2018-06-18 05:59 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\U33K7RH5VK
    2018-06-18 05:58 - 2018-06-19 06:25 - 000000000 ____D C:\Program Files\AnonymizerGadget
    2018-06-18 05:58 - 2018-06-19 06:24 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\WidModule
    2018-06-18 05:58 - 2018-06-19 06:10 - 000000000 ____D C:\Program Files\ios0vrked4g
    2018-06-18 05:58 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\85ZBGYIRU1
    2018-06-18 05:58 - 2018-06-18 06:48 - 000000000 ____D C:\Program Files\cleanComputerNew
    2018-06-18 05:58 - 2018-06-18 06:06 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\AGData
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001094 _____ C:\Users\ptichun\Desktop\Adult Dating.lnk
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Warframe.lnk
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Crossout.lnk
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001086 _____ C:\Users\ptichun\Desktop\Win iPhone X.lnk
    2018-06-18 05:50 - 2018-06-18 05:50 - 000763096 _____ (WinZip Computing, S.L.) C:\Users\ptichun\Downloads\winzip22.exe
    2018-06-18 06:32 - 2016-11-06 21:29 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\BitTorrent
    2018-06-19 06:22 - 2017-10-24 19:13 - 000000382 _____ C:\windows\Tasks\FreeFileViewerUpdateChecker.job
    2018-06-18 06:09 - 2018-06-18 06:09 - 002948240 _____ (BitTorrent Inc.) C:\Users\ptichun\Incredibles 2 2018 NEW HDCAM X264
    2018-06-18 05:28 - 2018-06-18 05:28 - 000732164 _____ C:\Users\ptichun\Downloads\Incredibles_2_2018_NEW_HDCAM_X264.rar
    2018-06-13 13:08 - 2018-06-13 13:08 - 000000000 ____D C:\Users\ptichun\Downloads\The.Incredibles.2.DVDrip
    2018-06-13 12:55 - 2018-06-13 12:58 - 000000000 ____D C:\Users\ptichun\Downloads\The Incredibles (2004)
    2018-06-19 06:17 - 2011-10-06 00:08 - 000000007 _____ C:\windows\system32\ANIWZCSUSERNAME{DFD29AFC-4966-4800-9940-D36BB08AF495}
    2018-06-18 06:32 - 2016-11-06 21:29 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\BitTorrent
    2018-06-14 14:38 - 2018-03-30 14:16 - 000000000 ____D C:\Users\ptichun\AppData\LocalLow\BitTorrent
    2018-06-13 12:56 - 2016-11-06 21:31 - 000000887 _____ C:\Users\ptichun\Desktop\BitTorrent.lnk
    2018-06-13 12:56 - 2016-11-06 21:31 - 000000867 _____ C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2011-10-05 23:44 - 2011-10-05 23:44 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{BCB7DA77-C4C7-49FD-A240-0ABA917BDB77}.ini
    2013-03-25 05:02 - 2015-01-27 19:35 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{DFD29AFC-4966-4800-9940-D36BB08AF495}.ini
    2011-10-06 00:09 - 2015-07-19 19:24 - 000003284 _____ () C:\Users\ptichun\AppData\Roaming\ANIWZCS{DFD29AFC-4966-4800-9940-D36BB08AF495}
    2018-06-19 06:22 - 2017-10-24 19:13 - 000000382 _____ C:\windows\Tasks\FreeFileViewerUpdateChecker.job
    2011-04-02 19:17 - 2011-04-02 19:17 - 000001550 ___SH () C:\Users\ptichun\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
    2015-11-05 23:05 - 2015-11-05 23:06 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{3862AE44-B056-4D19-A9AE-2CE1126EBDB3}
    2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{5AFA009C-BEA2-4175-AE4B-623C88EDD3C3}
    2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{92397A79-A984-49F7-9392-161E9112C5B5}
    2011-09-04 02:02 - 2011-09-04 02:02 - 000000000 _____ () C:\Users\ptichun\AppData\Local\Pnumog.bin
    2011-09-04 02:02 - 2011-09-04 02:02 - 000000120 _____ () C:\Users\ptichun\AppData\Local\Pyegoxired.dat
    C:\ProgramData\Freemake
    C:\ProgramData\yahoochrome_D
    C:\Program Files\Dissatisfied
    C:\Program Files\Groundstrokes
    C:\Program Files\Hexagon
    C:\Program Files\Kaspersky Lab
    C:\Program Files\Microsoft Office
    C:\Program Files\NCWS1MPIV7
    C:\Program Files\postural
    C:\Program Files\ProxyGate
    C:\Program Files\schelling
    C:\Users\ptichun\AppData\Local\ImpaqSpeed
    C:\Users\ptichun\AppData\Local\Latham.exe
    C:\Users\ptichun\AppData\Roaming\AGData
    C:\Users\ptichun\AppData\Roaming\command.dll
    C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
    C:\Users\ptichun\AppData\Roaming\OneSystemCare
    C:\Users\ptichun\AppData\Roaming\FastDataX
    C:\Program Files\FreeFileViewer
    C:\Program Files\Common Files\Microsoft Shared\OFFICE12
    C:\Program Files\Common Files\Avast Software
    C:\program files\utorrent
    C:\users\ptichun\appdata\roaming\bittorrent
    File: C:\Program Files\Mozilla Firefox\firefoxJu.exe
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save the file by clicking File -> Save.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot, navigate to your Downloads folder, where you should find Fixlog.txt. Copy and paste the contents in your reply.

Please post each log separately to prevent it from being cut off by the forum post size limiter.
Check each log after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • AdwCleaner[Cx].txt
  • fixlog.txt
  • Are there any changes in computer behavior?
 
#17 ·
1. Uninstalled all of the listed programs. "Impaq Speed" was listed twice on my computer and I was able to uninstall it only once. So one copy is still in the list of programs.

2.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-22.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-22-2018
# Duration: 00:01:46
# OS: Windows 7 Home Premium
# Scanned: 41265
# Detected: 137

***** [ Services ] *****

PUP.Optional.Legacy saiyitechnology
PUP.Optional.ProxyGate pgt_svc

***** [ Folders ] *****

PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0814TB
PUP.Optional.AnonymizerGadget C:\Users\ptichun\AppData\Roaming\AGData
PUP.Optional.Conduit.A C:\Users\ptichun\AppData\Roaming\RHEng
PUP.Optional.FastDataX C:\Users\ptichun\AppData\Roaming\FastDataX
PUP.Optional.Legacy C:\Program Files\BestCleaner
PUP.Optional.Legacy C:\ProgramData\yahoochrome_D
PUP.Optional.Legacy C:\Program Files\AnonymizerGadget
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\Administrator\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\ptichun\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\Administrator\AppData\Roaming\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\ptichun\AppData\Local\StormFall
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.OneSystemCare C:\Users\ptichun\AppData\Roaming\OneSystemCare
PUP.Optional.PCCleanerPro C:\Program Files\PRO PC Cleaner
PUP.Optional.ProxyGate C:\Program Files\ProxyGate
Trojan.Agent C:\Users\ptichun\AppData\Roaming\WidModule

***** [ Files ] *****

PUP.Optional.Legacy C:\TOSTACK
PUP.Optional.Legacy C:\Users\ptichun\Downloads\SysInfo.exe
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Installer.dat
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Main.dat
PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\agent.dat

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.FastDataX C:\Windows\System32\Tasks\FastDataX Task

***** [ Chromium (and derivatives) ] *****

PUP.Optional.BrowserHunt Browser Hunt SafeFinder
PUP.Optional.MountainBrowse Mountain Browse

***** [ Chromium URLs ] *****

PUP.Optional.Legacy http://feed.helperbar.com/?p=mKO_Aw...rxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
PUP.Optional.Legacy WebSearch
PUP.Optional.Legacy Ask

***** [ Firefox (and derivatives) ] *****

PUP.Optional.BrowseToSave SaveFrom.net helper

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [13927 octets] - [21/06/2018 15:46:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
#18 ·
Fix result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by ptichun (22-06-2018 17:16:36) Run:2
Running from C:\Users\ptichun\Downloads
Loaded Profiles: ptichun (Available Profiles: ptichun & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [Flayed] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKLM\...\Run: [Lentz] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKLM\...\Run: [Catastrophic] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKLM\...\Run: [Lady] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKLM\...\Run: [Scapegoats] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKLM\...\Run: [Bellotti] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Mclarty] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Cleave] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Momentum] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Featherbedding] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Harmonies] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Shucks] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [mccarren] => C:\Program Files\postural\mccarren.exe [44824 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [caper] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [ImpaqSpeed] => C:\Users\ptichun\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15774312 2018-05-21] (Melasys)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\MountPoints2: {2a329238-ce02-11e0-a84e-002622ebfd92} - E:\LaunchU3.exe
Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenville.lnk [2018-06-18]
ShortcutTarget: greenville.lnk -> C:\Program Files\Dissatisfied\Latham.exe ()
Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenvillegreenville.lnk [2018-06-18]
ShortcutTarget: greenvillegreenville.lnk -> C:\Program Files\schelling\Quayside.exe ()
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit
GroupPolicy: Restriction ? <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFemqrj-rMQQYj9WvYBYE0FaarNOnhNvfXQvx34KwIzzvuTrxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFdpFkfzNnKpPJ44zANdI60m5hktFaXgRfspziMfcD_lYJ237M_pxFV-_TtqK9cHMupac8pqa-cYrPU1XsK6LW-iQYYA,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Extension: (Browser Hunt) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-09-11]
CHR Extension: (Simple Finder Multi Region) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-06-18]
CHR Extension: (System Table) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-06-18]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) [File not signed]
S2 pgt_svc; C:\Program Files\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop186.exe [517432 2018-05-21] (PandaViewer)
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
Task: {22B4AC95-006A-47F3-A56C-1D295ABFDABE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {257D7536-8D4E-4EC7-943C-649D6C8A41A5} - System32\Tasks\{CA68FBC6-1B51-44AA-80FD-2FEF85442571} => C:\windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Trioflex\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Trioflex\uninstall.dat" -a uninstallme 6A5B1B25-62DB-4563-A778-A94EA7139FD4 DeviceId=85946c09-325a-60e2-2064-214b59f2edab BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {1346CA0C-CC23-4B72-B3CD-B0EFCBA1FC74} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-05] (AVAST Software)
Task: {29415BBD-E024-4DF4-971F-8CC1F3523306} - System32\Tasks\rivalingrivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
Task: {3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C} - System32\Tasks\FastDataX Task => C:\PROGRA~1\FASTDA~1\FASTDA~1.EXE
Task: {5CB45FE8-F96B-4E51-A73D-19422B99F2A0} - System32\Tasks\hereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
Task: {67357DE5-CB82-4735-886E-11D3067DD671} - System32\Tasks\gobsgobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
Task: {74867C31-8CF7-4CF0-A6B5-16539C311965} - System32\Tasks\swindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
Task: {762862D4-B57D-4178-A89F-8680DF2DAEAB} - System32\Tasks\analogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
Task: {882F4CC5-109E-4A0C-AD0C-468269C35C9B} - System32\Tasks\dastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
Task: {A23DDECB-365E-4BFF-BFAD-C1ABB20E3313} - System32\Tasks\analogs refuges teagleanalogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
Task: {AB2C4846-AB1D-4650-A77E-B9E0B1B62ABA} - System32\Tasks\{2D71181B-7CA4-4EBD-A63F-6B5C3122D48C} => C:\windows\system32\pcalua.exe -a C:\Users\ptichun\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {ACB8185B-EEE8-4FD0-8784-B34D731704B0} - System32\Tasks\swindle cuspswindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
Task: {ACCF0087-55A6-4BD4-83D9-8FE17CD5E0D3} - System32\Tasks\bridesmaids-kepbridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
Task: {BE9F58A7-E3FB-472A-8A14-7330306252B1} - System32\Tasks\dastardly_arbitragedastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
Task: {C28041AA-B571-46D8-A201-E27926C02F26} - System32\Tasks\hereafter_lobhereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
Task: {C3CFAE26-386D-4E74-8C1D-2174A477A639} - System32\Tasks\rivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
Task: {C831D44E-71AE-441A-810C-1DD78E21502B} - System32\Tasks\repertoiresrepertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
Task: {E026396D-6587-4B7B-A9EA-394E079C5F5C} - System32\Tasks\repertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
Task: {E7804E13-2C25-434C-91AA-77F568488644} - System32\Tasks\gobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
Task: {EBDC4BAA-2978-44F5-8552-8928462F08DD} - \Palikan midar -> No File <==== ATTENTION
Task: {F322950B-4458-43CE-8E8D-29BFCEC36CF9} - System32\Tasks\bridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\webcompanion.com -> hxxp://webcompanion.com
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4C235DA4 [140]
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 [149]
FirewallRules: [TCP Query User{2F1C67D4-DF90-4E08-B7D4-6AD6BC5FF6FA}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{4ED7722A-32D9-467A-91E8-56D52623C89A}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{1C5BBB73-24B4-46AB-A99D-8A01505E05DB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B2222B06-246C-40B8-BC70-E0ABDD0EFC66}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
FirewallRules: [{03F0A29A-3B36-452F-9432-3CDDFC555603}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E70ED5F2-58F0-4326-B02A-82BA05E41DF6}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{851BEE00-CF9A-4D13-8103-D727716A94DA}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4FCC4FCC-F298-42A9-B317-55CF7986E497}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{286CE097-A396-4AB9-B77C-D1DA27EBCAA8}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{35B57A6A-F55D-48D8-A0B5-F6FD052AB38D}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1A70C3FF-9B63-4885-98E4-4931769A5F13}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
FirewallRules: [UDP Query User{BB40DAA9-CF7B-435C-AC6F-50964B50AB51}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
FirewallRules: [{7777DD37-6752-42EC-84A9-18D9AB57E056}] => (Allow) C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{EBCBCEA2-B0A5-474A-B60C-03EFB408AFD5}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5A5AE529-C631-4D4F-8061-E6596F7494B4}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{60152734-99A4-49A7-A24D-AA050D415BBC}] => (Allow) C:\Program Files\Dissatisfied\Latham.exe
FirewallRules: [{7C427782-67AA-46FC-98C4-52938688D051}] => (Allow) C:\Program Files\Groundstrokes\Latham.exe
FirewallRules: [{B88E0081-D72B-4FEA-A0D9-83C6B259376B}] => (Allow) C:\Program Files\schelling\Quayside.exe
FirewallRules: [{D71C866B-2F4F-4849-BEAA-1246272E8D54}] => (Allow) C:\Program Files\Groundstrokes\Quayside.exe
2018-06-18 07:29 - 2018-06-18 07:46 - 000000000 ____D C:\Program Files\CY7UKLC70G
2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\uf3r21up1fz
2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\74B1NTFBRT
2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\se4whuag0ky
2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\f4rbsw5zee1
2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\ZL9TZMZ5PE
2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\M41QM9F4J5
2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\qhtybw0wvmx
2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\moztjnjsxyu
2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\e32exah2ukl
2018-06-18 06:27 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\c5koq5i2kl1
2018-06-18 06:23 - 2018-06-18 06:23 - 000000000 ____D C:\Program Files\ZP5JQ90FKY
2018-06-18 06:15 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AT31O40NII
2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5k4lcptyol1
2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3z5gjlt5qci
2018-06-18 06:14 - 2018-06-18 06:15 - 000000000 ____D C:\Program Files\4OV5D3E3ZM
2018-06-18 06:14 - 2018-06-18 06:14 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\spog5xmyzlf
2018-06-18 06:07 - 2018-06-18 06:07 - 000000012 _____ C:\windows\b8998883
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\windows\grail.exe
2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\Users\ptichun\AppData\Local\Quayside.exe
2018-06-18 06:06 - 2018-06-18 06:07 - 000000000 ____D C:\Program Files\ProxyGate
2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\postural
2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\Groundstrokes
2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ____D C:\Program Files\obo
2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\schelling
2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Hexagon
2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Dissatisfied
2018-06-18 06:04 - 2018-06-18 18:46 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-06-18 06:04 - 2018-06-18 06:05 - 000000000 ____D C:\Users\ptichun\AppData\Local\Package Cache
2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\w3bxmavwtvf
2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Program Files\L1L39K74D5
2018-06-18 06:02 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\0756KZBAPD
2018-06-18 06:02 - 2018-06-18 06:43 - 000000000 ____D C:\Program Files\Multitimer
2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\acnfk1yolmo
2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AAAZZZ
2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\7IYDGNJIHD
2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\gpezmwclh54
2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3nwf3zdl1oa
2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\HLQVFPEM5V
2018-06-18 06:00 - 2018-06-18 06:00 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5a55opst0te
2018-06-18 05:59 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\U33K7RH5VK
2018-06-18 05:58 - 2018-06-19 06:25 - 000000000 ____D C:\Program Files\AnonymizerGadget
2018-06-18 05:58 - 2018-06-19 06:24 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\WidModule
2018-06-18 05:58 - 2018-06-19 06:10 - 000000000 ____D C:\Program Files\ios0vrked4g
2018-06-18 05:58 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\85ZBGYIRU1
2018-06-18 05:58 - 2018-06-18 06:48 - 000000000 ____D C:\Program Files\cleanComputerNew
2018-06-18 05:58 - 2018-06-18 06:06 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\AGData
2018-06-18 05:57 - 2018-06-18 05:57 - 000001094 _____ C:\Users\ptichun\Desktop\Adult Dating.lnk
2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Warframe.lnk
2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Crossout.lnk
2018-06-18 05:57 - 2018-06-18 05:57 - 000001086 _____ C:\Users\ptichun\Desktop\Win iPhone X.lnk
2018-06-18 05:50 - 2018-06-18 05:50 - 000763096 _____ (WinZip Computing, S.L.) C:\Users\ptichun\Downloads\winzip22.exe
2018-06-18 06:32 - 2016-11-06 21:29 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\BitTorrent
2018-06-19 06:22 - 2017-10-24 19:13 - 000000382 _____ C:\windows\Tasks\FreeFileViewerUpdateChecker.job
2018-06-18 06:09 - 2018-06-18 06:09 - 002948240 _____ (BitTorrent Inc.) C:\Users\ptichun\Incredibles 2 2018 NEW HDCAM X264
2018-06-18 05:28 - 2018-06-18 05:28 - 000732164 _____ C:\Users\ptichun\Downloads\Incredibles_2_2018_NEW_HDCAM_X264.rar
2018-06-13 13:08 - 2018-06-13 13:08 - 000000000 ____D C:\Users\ptichun\Downloads\The.Incredibles.2.DVDrip
2018-06-13 12:55 - 2018-06-13 12:58 - 000000000 ____D C:\Users\ptichun\Downloads\The Incredibles (2004)
2018-06-19 06:17 - 2011-10-06 00:08 - 000000007 _____ C:\windows\system32\ANIWZCSUSERNAME{DFD29AFC-4966-4800-9940-D36BB08AF495}
2018-06-18 06:32 - 2016-11-06 21:29 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\BitTorrent
2018-06-14 14:38 - 2018-03-30 14:16 - 000000000 ____D C:\Users\ptichun\AppData\LocalLow\BitTorrent
2018-06-13 12:56 - 2016-11-06 21:31 - 000000887 _____ C:\Users\ptichun\Desktop\BitTorrent.lnk
2018-06-13 12:56 - 2016-11-06 21:31 - 000000867 _____ C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2011-10-05 23:44 - 2011-10-05 23:44 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{BCB7DA77-C4C7-49FD-A240-0ABA917BDB77}.ini
2013-03-25 05:02 - 2015-01-27 19:35 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{DFD29AFC-4966-4800-9940-D36BB08AF495}.ini
2011-10-06 00:09 - 2015-07-19 19:24 - 000003284 _____ () C:\Users\ptichun\AppData\Roaming\ANIWZCS{DFD29AFC-4966-4800-9940-D36BB08AF495}
2018-06-19 06:22 - 2017-10-24 19:13 - 000000382 _____ C:\windows\Tasks\FreeFileViewerUpdateChecker.job
2011-04-02 19:17 - 2011-04-02 19:17 - 000001550 ___SH () C:\Users\ptichun\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
2015-11-05 23:05 - 2015-11-05 23:06 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{3862AE44-B056-4D19-A9AE-2CE1126EBDB3}
2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{5AFA009C-BEA2-4175-AE4B-623C88EDD3C3}
2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{92397A79-A984-49F7-9392-161E9112C5B5}
2011-09-04 02:02 - 2011-09-04 02:02 - 000000000 _____ () C:\Users\ptichun\AppData\Local\Pnumog.bin
2011-09-04 02:02 - 2011-09-04 02:02 - 000000120 _____ () C:\Users\ptichun\AppData\Local\Pyegoxired.dat
C:\ProgramData\Freemake
C:\ProgramData\yahoochrome_D
C:\Program Files\Dissatisfied
C:\Program Files\Groundstrokes
C:\Program Files\Hexagon
C:\Program Files\Kaspersky Lab
C:\Program Files\Microsoft Office
C:\Program Files\NCWS1MPIV7
C:\Program Files\postural
C:\Program Files\ProxyGate
C:\Program Files\schelling
C:\Users\ptichun\AppData\Local\ImpaqSpeed
C:\Users\ptichun\AppData\Local\Latham.exe
C:\Users\ptichun\AppData\Roaming\AGData
C:\Users\ptichun\AppData\Roaming\command.dll
C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
C:\Users\ptichun\AppData\Roaming\OneSystemCare
C:\Users\ptichun\AppData\Roaming\FastDataX
C:\Program Files\FreeFileViewer
C:\Program Files\Common Files\Microsoft Shared\OFFICE12
C:\Program Files\Common Files\Avast Software
C:\program files\utorrent
C:\users\ptichun\appdata\roaming\bittorrent
File: C:\Program Files\Mozilla Firefox\firefoxJu.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Flayed" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Lentz" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Catastrophic" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Lady" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Scapegoats" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bellotti" => removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Mclarty" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Cleave" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Momentum" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Featherbedding" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Harmonies" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Shucks" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mccarren" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\caper" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ImpaqSpeed" => not found
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\KSS" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a329238-ce02-11e0-a84e-002622ebfd92}" => removed successfully.
HKLM\Software\Classes\CLSID\{2a329238-ce02-11e0-a84e-002622ebfd92} => not found
C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenville.lnk => moved successfully
C:\Program Files\Dissatisfied\Latham.exe => moved successfully
C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenvillegreenville.lnk => moved successfully
C:\Program Files\schelling\Quayside.exe => moved successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => removed successfully.
"HKLM\Software\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => removed successfully.
"HKLM\Software\Classes\PROTOCOLS\Handler\grooveLocalGWS" => removed successfully.
"HKLM\Software\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}" => removed successfully.
"HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome" => removed successfully.
"Chrome HomePage" => removed successfully.
"Chrome DefaultSearchURL" => removed successfully.
"Chrome DefaultSearchKeyword" => removed successfully.
CHR Extension: (Browser Hunt) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-09-11] => Error: No automatic fix found for this entry.
CHR Extension: (Simple Finder Multi Region) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-06-18] => Error: No automatic fix found for this entry.
CHR Extension: (System Table) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-06-18] => Error: No automatic fix found for this entry.
Freemake Improver => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\Freemake Improver" => removed successfully.
Freemake Improver => service removed successfully.
pgt_svc => service not found.
saiyitechnology => service not found.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => removed successfully.
"HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellConverter" => removed successfully.
"HKLM\Software\Classes\CLSID\{30A4E07E-068A-4d91-8F05-691283A1336B}" => removed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully.
"HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}" => removed successfully.
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SD Format" => removed successfully.
"HKLM\Software\Classes\CLSID\{932CFB31-6AC9-4FE2-BEAC-A27FAF631D48}" => removed successfully.
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22B4AC95-006A-47F3-A56C-1D295ABFDABE} => not found
"C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{257D7536-8D4E-4EC7-943C-649D6C8A41A5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{257D7536-8D4E-4EC7-943C-649D6C8A41A5}" => removed successfully.
C:\Windows\System32\Tasks\{CA68FBC6-1B51-44AA-80FD-2FEF85442571} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA68FBC6-1B51-44AA-80FD-2FEF85442571}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1346CA0C-CC23-4B72-B3CD-B0EFCBA1FC74}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1346CA0C-CC23-4B72-B3CD-B0EFCBA1FC74}" => removed successfully.
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29415BBD-E024-4DF4-971F-8CC1F3523306}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29415BBD-E024-4DF4-971F-8CC1F3523306}" => removed successfully.
C:\Windows\System32\Tasks\rivalingrivaling => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rivalingrivaling" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C} => not found
"C:\Windows\System32\Tasks\FastDataX Task" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CB45FE8-F96B-4E51-A73D-19422B99F2A0}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CB45FE8-F96B-4E51-A73D-19422B99F2A0}" => removed successfully.
C:\Windows\System32\Tasks\hereafter_lob => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hereafter_lob" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67357DE5-CB82-4735-886E-11D3067DD671}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67357DE5-CB82-4735-886E-11D3067DD671}" => removed successfully.
C:\Windows\System32\Tasks\gobsgobs => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gobsgobs" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74867C31-8CF7-4CF0-A6B5-16539C311965}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74867C31-8CF7-4CF0-A6B5-16539C311965}" => removed successfully.
C:\Windows\System32\Tasks\swindle cusp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\swindle cusp" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{762862D4-B57D-4178-A89F-8680DF2DAEAB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762862D4-B57D-4178-A89F-8680DF2DAEAB}" => removed successfully.
C:\Windows\System32\Tasks\analogs refuges teagle => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\analogs refuges teagle" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{882F4CC5-109E-4A0C-AD0C-468269C35C9B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{882F4CC5-109E-4A0C-AD0C-468269C35C9B}" => removed successfully.
C:\Windows\System32\Tasks\dastardly_arbitrage => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dastardly_arbitrage" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A23DDECB-365E-4BFF-BFAD-C1ABB20E3313}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A23DDECB-365E-4BFF-BFAD-C1ABB20E3313}" => removed successfully.
C:\Windows\System32\Tasks\analogs refuges teagleanalogs refuges teagle => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\analogs refuges teagleanalogs refuges teagle" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB2C4846-AB1D-4650-A77E-B9E0B1B62ABA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB2C4846-AB1D-4650-A77E-B9E0B1B62ABA}" => removed successfully.
C:\Windows\System32\Tasks\{2D71181B-7CA4-4EBD-A63F-6B5C3122D48C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D71181B-7CA4-4EBD-A63F-6B5C3122D48C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACB8185B-EEE8-4FD0-8784-B34D731704B0}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB8185B-EEE8-4FD0-8784-B34D731704B0}" => removed successfully.
C:\Windows\System32\Tasks\swindle cuspswindle cusp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\swindle cuspswindle cusp" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACCF0087-55A6-4BD4-83D9-8FE17CD5E0D3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCF0087-55A6-4BD4-83D9-8FE17CD5E0D3}" => removed successfully.
C:\Windows\System32\Tasks\bridesmaids-kepbridesmaids-kep => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bridesmaids-kepbridesmaids-kep" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE9F58A7-E3FB-472A-8A14-7330306252B1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9F58A7-E3FB-472A-8A14-7330306252B1}" => removed successfully.
C:\Windows\System32\Tasks\dastardly_arbitragedastardly_arbitrage => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dastardly_arbitragedastardly_arbitrage" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C28041AA-B571-46D8-A201-E27926C02F26}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C28041AA-B571-46D8-A201-E27926C02F26}" => removed successfully.
C:\Windows\System32\Tasks\hereafter_lobhereafter_lob => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hereafter_lobhereafter_lob" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3CFAE26-386D-4E74-8C1D-2174A477A639}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3CFAE26-386D-4E74-8C1D-2174A477A639}" => removed successfully.
C:\Windows\System32\Tasks\rivaling => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rivaling" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C831D44E-71AE-441A-810C-1DD78E21502B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C831D44E-71AE-441A-810C-1DD78E21502B}" => removed successfully.
C:\Windows\System32\Tasks\repertoiresrepertoires => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\repertoiresrepertoires" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E026396D-6587-4B7B-A9EA-394E079C5F5C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E026396D-6587-4B7B-A9EA-394E079C5F5C}" => removed successfully.
C:\Windows\System32\Tasks\repertoires => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\repertoires" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7804E13-2C25-434C-91AA-77F568488644}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7804E13-2C25-434C-91AA-77F568488644}" => removed successfully.
C:\Windows\System32\Tasks\gobs => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gobs" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBDC4BAA-2978-44F5-8552-8928462F08DD}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBDC4BAA-2978-44F5-8552-8928462F08DD}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Palikan midar => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F322950B-4458-43CE-8E8D-29BFCEC36CF9}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F322950B-4458-43CE-8E8D-29BFCEC36CF9}" => removed successfully.
C:\Windows\System32\Tasks\bridesmaids-kep => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bridesmaids-kep" => removed successfully.
"C:\windows\Tasks\FreeFileViewerUpdateChecker.job" => not found
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":4C235DA4" ADS removed successfully.
C:\ProgramData\TEMP => ":6ED8B881" ADS removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2F1C67D4-DF90-4E08-B7D4-6AD6BC5FF6FA}C:\program files\microsoft office\office12\groove.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4ED7722A-32D9-467A-91E8-56D52623C89A}C:\program files\microsoft office\office12\groove.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1C5BBB73-24B4-46AB-A99D-8A01505E05DB}C:\program files\utorrent\utorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B2222B06-246C-40B8-BC70-E0ABDD0EFC66}C:\program files\utorrent\utorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03F0A29A-3B36-452F-9432-3CDDFC555603}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E70ED5F2-58F0-4326-B02A-82BA05E41DF6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{851BEE00-CF9A-4D13-8103-D727716A94DA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FCC4FCC-F298-42A9-B317-55CF7986E497}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{286CE097-A396-4AB9-B77C-D1DA27EBCAA8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35B57A6A-F55D-48D8-A0B5-F6FD052AB38D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1A70C3FF-9B63-4885-98E4-4931769A5F13}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB40DAA9-CF7B-435C-AC6F-50964B50AB51}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7777DD37-6752-42EC-84A9-18D9AB57E056}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBCBCEA2-B0A5-474A-B60C-03EFB408AFD5}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A5AE529-C631-4D4F-8061-E6596F7494B4}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60152734-99A4-49A7-A24D-AA050D415BBC}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C427782-67AA-46FC-98C4-52938688D051}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B88E0081-D72B-4FEA-A0D9-83C6B259376B}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D71C866B-2F4F-4849-BEAA-1246272E8D54}" => removed successfully.
C:\Program Files\CY7UKLC70G => moved successfully
C:\Users\ptichun\AppData\Roaming\uf3r21up1fz => moved successfully
C:\Program Files\74B1NTFBRT => moved successfully
C:\Users\ptichun\AppData\Roaming\se4whuag0ky => moved successfully
C:\Users\ptichun\AppData\Roaming\f4rbsw5zee1 => moved successfully
C:\Program Files\ZL9TZMZ5PE => moved successfully
C:\Program Files\M41QM9F4J5 => moved successfully
C:\Users\ptichun\AppData\Roaming\qhtybw0wvmx => moved successfully
C:\Users\ptichun\AppData\Roaming\moztjnjsxyu => moved successfully
C:\Users\ptichun\AppData\Roaming\e32exah2ukl => moved successfully
C:\Users\ptichun\AppData\Roaming\c5koq5i2kl1 => moved successfully
C:\Program Files\ZP5JQ90FKY => moved successfully
C:\Program Files\AT31O40NII => moved successfully
C:\Users\ptichun\AppData\Roaming\5k4lcptyol1 => moved successfully
C:\Users\ptichun\AppData\Roaming\3z5gjlt5qci => moved successfully
C:\Program Files\4OV5D3E3ZM => moved successfully
C:\Users\ptichun\AppData\Roaming\spog5xmyzlf => moved successfully
C:\windows\b8998883 => moved successfully
C:\windows\grail.exe => moved successfully
C:\Users\ptichun\AppData\Local\Quayside.exe => moved successfully
"C:\Program Files\ProxyGate" => not found

"C:\Program Files\postural" folder move:

Could not move "C:\Program Files\postural" => Scheduled to move on reboot.

C:\Program Files\Groundstrokes => moved successfully
C:\Program Files\obo => moved successfully
C:\Program Files\schelling => moved successfully

"C:\Program Files\Hexagon" folder move:

Could not move "C:\Program Files\Hexagon" => Scheduled to move on reboot.

C:\Program Files\Dissatisfied => moved successfully
"C:\ProgramData\yahoochrome_D" => not found
C:\Users\ptichun\AppData\Local\Package Cache => moved successfully
C:\Users\ptichun\AppData\Roaming\w3bxmavwtvf => moved successfully
C:\Program Files\L1L39K74D5 => moved successfully
C:\Program Files\0756KZBAPD => moved successfully
C:\Program Files\Multitimer => moved successfully
C:\Users\ptichun\AppData\Roaming\acnfk1yolmo => moved successfully
C:\Program Files\AAAZZZ => moved successfully
C:\Program Files\7IYDGNJIHD => moved successfully
C:\Users\ptichun\AppData\Roaming\gpezmwclh54 => moved successfully
C:\Users\ptichun\AppData\Roaming\3nwf3zdl1oa => moved successfully
C:\Program Files\HLQVFPEM5V => moved successfully
C:\Users\ptichun\AppData\Roaming\5a55opst0te => moved successfully
C:\Program Files\U33K7RH5VK => moved successfully
"C:\Program Files\AnonymizerGadget" => not found
"C:\Users\ptichun\AppData\Roaming\WidModule" => not found
C:\Program Files\ios0vrked4g => moved successfully
C:\Program Files\85ZBGYIRU1 => moved successfully
C:\Program Files\cleanComputerNew => moved successfully
"C:\Users\ptichun\AppData\Roaming\AGData" => not found
"C:\Users\ptichun\Desktop\Adult Dating.lnk" => not found
"C:\Users\ptichun\Desktop\Play Warframe.lnk" => not found
"C:\Users\ptichun\Desktop\Play Crossout.lnk" => not found
"C:\Users\ptichun\Desktop\Win iPhone X.lnk" => not found
C:\Users\ptichun\Downloads\winzip22.exe => moved successfully
C:\Users\ptichun\AppData\Roaming\BitTorrent => moved successfully
"C:\windows\Tasks\FreeFileViewerUpdateChecker.job" => not found
C:\Users\ptichun\Incredibles 2 2018 NEW HDCAM X264 => moved successfully
C:\Users\ptichun\Downloads\Incredibles_2_2018_NEW_HDCAM_X264.rar => moved successfully
C:\Users\ptichun\Downloads\The.Incredibles.2.DVDrip => moved successfully
C:\Users\ptichun\Downloads\The Incredibles (2004) => moved successfully
C:\windows\system32\ANIWZCSUSERNAME{DFD29AFC-4966-4800-9940-D36BB08AF495} => moved successfully
"C:\Users\ptichun\AppData\Roaming\BitTorrent" => not found
C:\Users\ptichun\AppData\LocalLow\BitTorrent => moved successfully
"C:\Users\ptichun\Desktop\BitTorrent.lnk" => not found
"C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk" => not found
C:\Users\ptichun\AppData\Roaming\ANICONFIG_{BCB7DA77-C4C7-49FD-A240-0ABA917BDB77}.ini => moved successfully
C:\Users\ptichun\AppData\Roaming\ANICONFIG_{DFD29AFC-4966-4800-9940-D36BB08AF495}.ini => moved successfully
C:\Users\ptichun\AppData\Roaming\ANIWZCS{DFD29AFC-4966-4800-9940-D36BB08AF495} => moved successfully
"C:\windows\Tasks\FreeFileViewerUpdateChecker.job" => not found
C:\Users\ptichun\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32 => moved successfully
C:\Users\ptichun\AppData\Local\{3862AE44-B056-4D19-A9AE-2CE1126EBDB3} => moved successfully
C:\Users\ptichun\AppData\Local\{5AFA009C-BEA2-4175-AE4B-623C88EDD3C3} => moved successfully
C:\Users\ptichun\AppData\Local\{92397A79-A984-49F7-9392-161E9112C5B5} => moved successfully
C:\Users\ptichun\AppData\Local\Pnumog.bin => moved successfully
C:\Users\ptichun\AppData\Local\Pyegoxired.dat => moved successfully
C:\ProgramData\Freemake => moved successfully
"C:\ProgramData\yahoochrome_D" => not found
"C:\Program Files\Dissatisfied" => not found
"C:\Program Files\Groundstrokes" => not found

"C:\Program Files\Hexagon" folder move:

Could not move "C:\Program Files\Hexagon" => Scheduled to move on reboot.

"C:\Program Files\Kaspersky Lab" => not found
C:\Program Files\Microsoft Office => moved successfully
C:\Program Files\NCWS1MPIV7 => moved successfully

"C:\Program Files\postural" folder move:

Could not move "C:\Program Files\postural" => Scheduled to move on reboot.

"C:\Program Files\ProxyGate" => not found
"C:\Program Files\schelling" => not found
"C:\Users\ptichun\AppData\Local\ImpaqSpeed" => not found
C:\Users\ptichun\AppData\Local\Latham.exe => moved successfully
"C:\Users\ptichun\AppData\Roaming\AGData" => not found
C:\Users\ptichun\AppData\Roaming\command.dll => moved successfully
C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0 => moved successfully
"C:\Users\ptichun\AppData\Roaming\OneSystemCare" => not found
"C:\Users\ptichun\AppData\Roaming\FastDataX" => not found
"C:\Program Files\FreeFileViewer" => not found
C:\Program Files\Common Files\Microsoft Shared\OFFICE12 => moved successfully
C:\Program Files\Common Files\Avast Software => moved successfully
"C:\program files\utorrent" => not found
"C:\users\ptichun\appdata\roaming\bittorrent" => not found

========================= File: C:\Program Files\Mozilla Firefox\firefoxJu.exe ========================

C:\Program Files\Mozilla Firefox\firefoxJu.exe
File is digitally signed
MD5: 627C19EB6716431ABB5445CCCCEC3FFD
Creation and modification date: 2018-01-25 08:30 - 2018-06-16 14:34
Size: 000396240
Attributes: ----H
Company Name: Mozilla Corporation
Internal Name: Firefox
Original Name: firefox.exe
Product: Firefox
Description: Firefox
File Version: 61.0
Product Version: 61.0
Copyright: ©Firefox and Mozilla Developers; available under the MPL 2 license.
VirusTotal: https://www.virustotal.com/file/1fb...dcfb39f1b79214a561dab6ab/analysis/1529560350/

====== End of File: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7109065 B
Java, Flash, Steam htmlcache => 1828 B
Windows/system/drivers => 593557 B
Edge => 0 B
Chrome => 0 B
Firefox => 171109108 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 30556 B
ptichun => 242350298 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 409.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-06-2018 17:39:33)

C:\Program Files\postural => is moved successfully
C:\Program Files\Hexagon => is moved successfully
C:\Program Files\Hexagon => is moved successfully
C:\Program Files\postural => is moved successfully

==== End of Fixlog 17:39:34 ====
 
#20 ·
Hello and thank you for your help.

I have run AdwCleaner again but there are no threats detected this time (I've run it previously and finished "fixing"). Since there are no threats, the log is not produced, so I don't have anything new to post.

Ptichun
 
#21 ·
Hello ptichun :)

How is your computer performing now? Please run these scans.

Step one...

Malwarebytes Anti-Malware (MBAM) Scan
Note: you need to be connected to the internet so that MBAM can download any updates it needs to.
  • Please close all open programs and windows so that you are at your Desktop.
  • Press the Start button.
  • Type Malwarebytes into the search box and select it from the results.
  • Allow MBAM to update if it asks you to.
  • Click Scan Now. MBAM will update its databases and proceed to scan your computer.
  • If any threats are found, ensure that all of them are checked and click Remove Selected.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Export Summary in the bottom right corner and select Text File (*.txt).
  • Save it on your Desktop as mbam.txt. Copy and paste the contents of mbam.txt in your reply.
  • If MBAM required a reboot please do the following to get the report:
    • On reboot reopen MBAM.
    • Click Reports and then click the most recent Scan Report and click View Report.
    • Click Export and then click Text File (*.txt).
    • Save it on your Desktop as mbam.txt. Copy and paste the contents of mbam.txt in your reply.

Step two...

ESET Online Scanner
  • Go to the ESET Online Scanner site.
  • Click on the Scan Now button. This will download a small utility.
  • Before running the utility, disable any antivirus you have active, as shown in this topic.
  • Close any open programs and windows.
  • Right click esetonlinescanner_enu.exe and select Run as administrator.
  • Check Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • Ensure the following are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Ensure that Clean threats automatically is unchecked.
  • Click Scan.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
  • When the scan completes click Save to text file.... Save the log as ESETScan.txt to your Desktop.
  • Click the Do not clean link, next to the Clean selected button.
  • Click Finish.
  • You can now close the program using the X in the top-right.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

In your next reply please include:
  • Did you have any problems with the instructions?
  • mbam.txt
  • ESETScan.txt
  • Are there any changes in computer behavior?
 
#22 ·
No problems with any of the instructions.
Changes: no more pop-ups showing up. Some programs are disabled but not removed from the computer.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/24/18
Scan Time: 2:51 PM
Log File: c9ba36e0-77f8-11e8-aa14-002622ebfd92.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5615
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: sveznalica\ptichun

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 270842
Threats Detected: 168
Threats Quarantined: 167
Time Elapsed: 1 hr, 3 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 16
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\CONSOLE\TASKENG.EXE, Quarantined, [6456], [425125],1.0.5615
PUP.Optional.Conduit, HKU\S-1-5-21-2101005229-1017427555-4036206314-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [220], [236865],1.0.5615
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [220], [236865],1.0.5615
PUP.Optional.Conduit, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [220], [236865],1.0.5615
Adware.Tuto4PC, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\EWMON, Quarantined, [2792], [412878],1.0.5615
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Delete-on-Reboot, [6456], [425124],1.0.5615
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Delete-on-Reboot, [501], [518478],1.0.5615
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Delete-on-Reboot, [501], [518476],1.0.5615
Trojan.Agent, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 1.0, Delete-on-Reboot, [389], [533745],1.0.5615
Trojan.Agent, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 2.0, Delete-on-Reboot, [389], [533745],1.0.5615
Trojan.Agent, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\disk genius 2.02, Delete-on-Reboot, [389], [533746],1.0.5615
Trojan.Agent, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\farmer 1.0, Delete-on-Reboot, [389], [533747],1.0.5615
Trojan.Agent, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\pro 1.0, Delete-on-Reboot, [389], [533748],1.0.5615
Trojan.Agent, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\soundplay 3.0, Delete-on-Reboot, [389], [533749],1.0.5615
Adware.Tuto4PC, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\2UPS, Delete-on-Reboot, [2792], [411131],1.0.5615
Adware.DotDo.DotPrx, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [4845], [-1],0.0.0

Registry Value: 16
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [6456], [425125],1.0.5615
PUP.Optional.Conduit, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [220], [236865],1.0.5615
PUP.Optional.Conduit, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarantined, [220], [236865],1.0.5615
Adware.Tuto4PC, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\EWMON|PARTNER, Quarantined, [2792], [412878],1.0.5615
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Delete-on-Reboot, [6456], [425124],1.0.5615
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|MUID, Delete-on-Reboot, [7306], [436740],1.0.5615
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|TCID, Delete-on-Reboot, [7306], [436739],1.0.5615
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Delete-on-Reboot, [6456], [425126],1.0.5615
Adware.Tuto4PC, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\2UPS|PARTNER, Delete-on-Reboot, [2792], [411131],1.0.5615
Adware.DotDo.DotPrx, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-2101005229-1017427555-4036206314-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [4845], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 32
PUP.Optional.InterStat, C:\Users\ptichun\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_367\Logs, Quarantined, [1055], [373566],1.0.5615
PUP.Optional.InterStat, C:\USERS\PTICHUN\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\Interstatnogui_367, Delete-on-Reboot, [1055], [373566],1.0.5615
PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE, Quarantined, [4561], [443706],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\webfonts, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\_metadata, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\USERS\PTICHUN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\fdckocnfhibclnnkifmjbbogcfkbijki, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{3C12F971-B650-73B7-3096-EDF5AAD4663B}, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\USERS\PTICHUN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\webfonts, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\_metadata, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\USERS\PTICHUN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\nhgknfkfipiflalfpihaicjijikenfoj, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\USERS\PTICHUN\APPDATA\LOCAL\{6D075B5B-49AF-37E3-2437-120B005FEE93}, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\js, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\PTICHUN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pbdpajcdgknpendpmecafmopknefafha, Quarantined, [2169], [526588],1.0.5615
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\68JUB3QOLF, Quarantined, [3715], [385289],1.0.5615

File: 104
PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE\CONF.DB, Quarantined, [4561], [443706],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\webfonts\anfinity.eot, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\webfonts\anfinity.ttf, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\webfonts\anfinity.woff, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\fonts.css, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\jquery-ui.css, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\site.css, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\content\weather.css, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons\128x128.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons\16x16.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons\19x19.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons\38x38.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons\favicon.ico, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\icons\pop.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images\ic_refresh_black_24dp_2x.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images\ic_search_black_24dp_2x.png, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images\m1-min.jpg, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images\m2-min.jpg, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images\m3-min.jpg, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\images\m4-min.jpg, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external\bootstrap.min.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external\jquery-ui.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external\jquery.min.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external\jquery.simpleWeather.min.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external\list.min.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\external\weather.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\background.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\scripts\site.js, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\_metadata\verified_contents.json, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\main.html, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.BrowserHunt, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki\0.5.8_0\manifest.json, Quarantined, [2121], [400829],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{3C12F971-B650-73B7-3096-EDF5AAD4663B}\sese, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{3C12F971-B650-73B7-3096-EDF5AAD4663B}\aowLC, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{3C12F971-B650-73B7-3096-EDF5AAD4663B}\citi.txt, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{3C12F971-B650-73B7-3096-EDF5AAD4663B}\hdat1, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{3C12F971-B650-73B7-3096-EDF5AAD4663B}\hdat2, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{3C12F971-B650-73B7-3096-EDF5AAD4663B}\locafi, Quarantined, [3735], [484243],1.0.5615
PUP.Optional.WinHTTP, C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\WINHTTP.DLL, Quarantined, [5270], [382898],1.0.5615
PUP.Optional.SystemTable.Generic, C:\USERS\PTICHUN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE\1.2_0\manifest.json, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon128.png, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon16.png, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon24.png, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon32.png, Quarantined, [4633], [509531],1.0.5615
PUP.Optional.SystemTable.Generic, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\background.js, Quarantined, [4633], [509531],1.0.5615
Adware.Wait3Sec, C:\USERS\PTICHUN\DOWNLOADS\PLAY CROSSOUT.ICO, Quarantined, [4495], [526085],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\webfonts\anfinity.eot, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\webfonts\anfinity.ttf, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\webfonts\anfinity.woff, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\fonts.css, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\jquery-ui.css, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\site.css, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\content\weather.css, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons\128x128.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons\16x16.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons\19x19.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons\38x38.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons\favicon.ico, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\icons\pop.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images\ic_refresh_black_24dp_2x.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images\ic_search_black_24dp_2x.png, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images\m1-min.jpg, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images\m2-min.jpg, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images\m3-min.jpg, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\images\m4-min.jpg, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external\bootstrap.min.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external\jquery-ui.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external\jquery.min.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external\jquery.simpleWeather.min.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external\list.min.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\external\weather.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\background.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\scripts\site.js, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\_metadata\verified_contents.json, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\main.html, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.MountainBrowse, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj\0.5.9_0\manifest.json, Quarantined, [2164], [456668],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\USERS\PTICHUN\APPDATA\LOCAL\{6D075B5B-49AF-37E3-2437-120B005FEE93}\lide, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\bapi_ff.dat, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\bapi_ie.dat, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\install.log, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\noti, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\safo, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\Sqlite3.dll, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\uninst.dat, Quarantined, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\ptichun\AppData\Local\{6D075B5B-49AF-37E3-2437-120B005FEE93}\uninst.exe, Quarantined, [3735], [484244],1.0.5615
Adware.Wait3Sec, C:\USERS\PTICHUN\DOWNLOADS\ADULT DATING.ICO, Quarantined, [4495], [526087],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-18.png, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-48.png, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\js\background.js, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\00d25df0, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\index.html, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\manifest.json, Delete-on-Reboot, [2169], [526588],1.0.5615
PUP.Optional.QuickSearcher.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Delete-on-Reboot, [2169], [-1],0.0.0
PUP.Optional.QuickSearcher.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Delete-on-Reboot, [2169], [-1],0.0.0
Adware.Wait3Sec, C:\USERS\PTICHUN\DOWNLOADS\WIN IPHONE X.ICO, Delete-on-Reboot, [4495], [526084],1.0.5615
Adware.Wait3Sec, C:\USERS\PTICHUN\DOWNLOADS\PLAY WARFRAME.ICO, Delete-on-Reboot, [4495], [526086],1.0.5615
PUP.Optional.Conduit, C:\USERS\PTICHUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AUWJIOTQ.DEFAULT-1471367127920-1510800610513\PREFS.JS, Replaced, [220], [301520],1.0.5615
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\68JUB3QOLF\CAST.CONFIG, Quarantined, [3715], [385289],1.0.5615
Adware.Tuto4PC.Generic, C:\Program Files\68JUB3QOLF\68JUB3QOL.exe.config, Quarantined, [3715], [385289],1.0.5615
Adware.Tuto4PC.Generic, C:\Program Files\68JUB3QOLF\uninstaller.exe, Quarantined, [3715], [385289],1.0.5615
Adware.Tuto4PC.Generic, C:\Program Files\68JUB3QOLF\uninstaller.exe.config, Quarantined, [3715], [385289],1.0.5615
Adware.DotDo.DotPrx, C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE, Quarantined, [4845], [532389],1.0.5615
Adware.DotDo.DotPrx, C:\PROGRAM FILES\Google\Chrome\Application\chrome.exe, Quarantined, [4845], [-1],0.0.0
Adware.DotDo.DotPrx, C:\PROGRAM FILES\Mozilla Firefox\firefox.exe, Quarantined, [4845], [-1],0.0.0
PUP.Optional.InstallCore, C:\USERS\PTICHUN\DOWNLOADS\CNET_RESETUP_EXE.EXE, Quarantined, [393], [300186],1.0.5615

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#23 ·
C:\AdwCleaner\Quarantine\v1\20180622.165818\82\ProxyGate\MainService.exe#669258195B2D7AE1 a variant of Win32/ProxyGate.A potentially unwanted application
C:\AdwCleaner\Quarantine\v1\20180622.165818\82\ProxyGate\PGChk.exe#85CADB03816B8A26 a variant of Win32/ProxyGate.A potentially unwanted application
C:\AdwCleaner\Quarantine\v1\20180622.165818\82\ProxyGate\ProxyGate.exe#6AE1CB7B0D6298A5 a variant of Win32/ProxyGate.A potentially unwanted application
C:\AdwCleaner\Quarantine\v1\20180622.165818\82\ProxyGate\TrafficMonitor.exe#3D630DFF20749C23 a variant of Win32/ProxyGate.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\0756KZBAPD\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\4OV5D3E3ZM\4OV5D3E3Z.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\4OV5D3E3ZM\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\7IYDGNJIHD\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\85ZBGYIRU1\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\AT31O40NII\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\cleanComputerNew\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\CY7UKLC70G\CY7UKLC70.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\CY7UKLC70G\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\Dissatisfied\Latham.exe.xBAD a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\Dissatisfied\Dissatisfied\Dissatisfied.exe a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\Dissatisfied\Dissatisfied\Latham.dll a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\Groundstrokes\Latham.exe a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\Groundstrokes\Quayside.exe a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\HLQVFPEM5V\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\L1L39K74D5\FF3A0OWN8.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\L1L39K74D5\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\M41QM9F4J5\EIP7MMZCW.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\M41QM9F4J5\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\obo\obo.exe a variant of MSIL/Adware.Dotdo.FN application
C:\FRST\Quarantine\C\Program Files\postural\mccarren.exe Win32/Adware.Dotdo.R application
C:\FRST\Quarantine\C\Program Files\schelling\Quayside.exe.xBAD a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\schelling\schelling\Quayside.dll a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\schelling\schelling\schelling.exe a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Program Files\U33K7RH5VK\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\ZL9TZMZ5PE\1554M1XZT.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\ZL9TZMZ5PE\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\ZP5JQ90FKY\EY7AMN4AN.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Program Files\ZP5JQ90FKY\uninstaller.exe a variant of MSIL/TrojanDropper.Small.FD trojan
C:\FRST\Quarantine\C\Users\ptichun\Incredibles 2 2018 NEW HDCAM X264.xBAD a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Local\Latham.exe.xBAD a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Local\Quayside.exe.xBAD a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Local\Package Cache\{A748B732-CE3E-4DB7-BB04-B618F51D4ADB}v1.0.2.0\qtspeedtest.msi a variant of Win32/WeatherBuddy.C potentially unwanted application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Roaming\5a55opst0te\lrth22pizwj.exe a variant of Win32/Adware.Agent.NSU application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Roaming\f4rbsw5zee1\wpmgyaifrkm.exe a variant of Win32/Adware.Agent.NSU application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Roaming\se4whuag0ky\buln3u23zxn.exe a variant of Win32/Adware.Agent.NSU application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Roaming\spog5xmyzlf\1cjcmkihkh5.exe a variant of Win32/Adware.Agent.NSU application
C:\FRST\Quarantine\C\Users\ptichun\AppData\Roaming\w3bxmavwtvf\yawta4xkmfj.exe a variant of Win32/Adware.Agent.NSU application
C:\FRST\Quarantine\C\Users\ptichun\Downloads\Incredibles_2_2018_NEW_HDCAM_X264.rar.xBAD a variant of Win32/Kryptik.GHWD trojan
C:\FRST\Quarantine\C\Windows\grail.exe.xBAD a variant of MSIL/Adware.Dotdo.EQ application
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Program Files\Sid Meier's Civilization V\steam_api.dll Win32/HackTool.Crack.CC potentially unsafe application
C:\Users\ptichun\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\ptichun\Documents\vshare-plugin.exe a variant of Win32/Toolbar.iMedix.A potentially unwanted application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup521.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup522.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup523.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup524.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup527.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup528.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup529.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup530.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup531.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup532.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup533.exe Win32/HackedApp.CCleaner.A trojan
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup534.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup535.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup536.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Documents\My Filehippo Downloads\winzip205-32.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Users\ptichun\Documents\Veronika\Downloads\Adobe.CS3.Master.Collection.Corporate\ACS3MCD1.iso a variant of Win32/Keygen.BR potentially unsafe application
C:\Users\ptichun\Downloads\any-audio-converter.exe Win32/FusionCore.L potentially unwanted application,a variant of Win32/FusionCore.L potentially unwanted application
C:\Users\ptichun\Downloads\cbsidlm-cbsi188-Nero_Burning_ROM_2014-SEO-75785458.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\ptichun\Downloads\ccsetup517.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Downloads\ccsetup518 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Downloads\ccsetup524.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application,Win32/OpenCandy potentially unsafe application,a variant of Win32/Freemake.A potentially unwanted application
C:\Users\ptichun\Downloads\Get.on.Up.2014.HC.HDRip.XViD.AC3-juggs[ETRG].exe a variant of MSIL/Adware.WiseInstaller.A application
C:\Users\ptichun\Downloads\SoftonicDownloader_for_adobe-photoshop.exe Win32/SoftonicDownloader.A potentially unwanted application
C:\Users\ptichun\Downloads\winzip16-32.exe a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Users\ptichun\Downloads\winzip160.exe a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Users\ptichun\Downloads\WinZip170_2.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\ptichun\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\ptichun\Downloads\winzip21-lan.exe Win32/InstallCore.Gen.A potentially unwanted application
C:\Users\ptichun\Downloads\wz20-mf.exe Win32/InstallCore.Gen.A potentially unwanted application
C:\Windows\Installer\MSI9077.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\tasks.dll a variant of Win32/Tasks.A potentially unwanted application
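The scan log above has one file per line: a path (which may contain spaces) followed by one or more comma-separated detections. As an added example, not part of the original post or of any scanner's own tooling, this Python code parses that layout and separates files carrying a malware-class detection from files flagged only as potentially unwanted or unsafe applications. The bucket names, and the rule that any category other than the three "application" labels seen in this log counts as malware, are assumptions.

```python
import re

# Lines copied from the scan log above (path, then comma-separated detections).
SAMPLE_LOG = r"""
C:\Users\ptichun\Documents\My Filehippo Downloads\ccsetup533.exe Win32/HackedApp.CCleaner.A trojan
C:\Users\ptichun\Downloads\ccsetup518 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ptichun\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application,Win32/OpenCandy potentially unsafe application,a variant of Win32/Freemake.A potentially unwanted application
C:\Users\ptichun\Downloads\Get.on.Up.2014.HC.HDRip.XViD.AC3-juggs[ETRG].exe a variant of MSIL/Adware.WiseInstaller.A application
"""

# Assumption: these three labels, seen in this log, mark lower-priority findings;
# any other category (here only "trojan") is treated as malware.
LOW_PRIORITY = {"potentially unwanted application",
                "potentially unsafe application", "application"}

# A detection starts after whitespace with an optional "a variant of " and a
# "Platform/Name" token. "/" is not valid in a Windows file name, so the first
# such token marks where the path ends, even when the path contains spaces.
DETECTION_START = re.compile(r"\s(?=(?:a variant of )?[A-Za-z0-9]+/\S)")
DETECTION = re.compile(r"(?P<variant>a variant of )?(?P<name>\S+) (?P<category>.+)")


def parse_line(line):
    """Return (path, [(name, category, is_variant), ...]) or None if no detection."""
    start = DETECTION_START.search(line)
    if not start:
        return None
    path, rest = line[:start.start()], line[start.end():]
    detections = []
    for part in rest.split(","):
        d = DETECTION.fullmatch(part.strip())
        if d:
            detections.append((d["name"], d["category"], d["variant"] is not None))
    return (path, detections) if detections else None


def triage(log_text):
    """Split files into 'malware' and 'pua_or_unsafe' by their worst detection."""
    buckets = {"malware": [], "pua_or_unsafe": []}
    for line in log_text.splitlines():
        parsed = parse_line(line.strip())
        if parsed is None:
            continue
        path, detections = parsed
        low = all(category in LOW_PRIORITY for _, category, _ in detections)
        buckets["pua_or_unsafe" if low else "malware"].append(path)
    return buckets
```

Calling `triage(SAMPLE_LOG)` puts only `ccsetup533.exe` in the `malware` bucket; the other three files land in `pua_or_unsafe`.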
 
#25 ·
Hello ptichun :)

Remote Access Infection Warning!

Your logs indicate that you are infected with multiple serious infections including: Win32/Floxif, Win32/Kryptik, and TrojanDropper:Win32/Small. Floxif is a remote access trojan that allows the attacker to make changes to your computer as if he or she were sitting right in front of it. Kryptik is a similar type of malware that is known to steal banking information. Win32/Small is a trojan that allows the attacker to download and install other malicious programs.

What should you do now?
  • Disconnect the infected computer from the internet and from any other networked devices.
  • If this computer was used for online banking or shopping, contact your bank immediately and let them know that your information may have been compromised.
  • From a clean computer change all your passwords. This includes your internet login, email, PayPal, Amazon, Facebook, and any other online activities that require a username and password.
    Do NOT change your passwords from the infected computer; the attacker will be able to get all the new passwords.
  • Back up all your important data except programs. Programs can be reinstalled from their CDs or by downloading the installer. The safest practice is to not back up files with the following file extensions as they may be infected:
    .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab

Given how widespread your infection is, I think the only responsible course of action is to reformat your hard drive and reinstall Windows. Regardless of how many scans we run, there is no way to be certain that none of the infection remains. Until you do this, this computer cannot be trusted. It should not be used for online banking, e-commerce, or any other activity that could expose private information. It can be easy to forget weeks or months down the line and end up having your credit card information stolen.

Please take time to carefully read THIS topic, then let me know how you want to proceed. Regardless of what you decide, I still recommend contacting your bank and credit card providers especially since Kryptik is known to specifically look for and steal that information.

Additional reading:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

I'd also like to again point out the dangers of torrents; 2 different torrented files were identified as carrying 2 different infections. Refraining from using peer-to-peer software is one of the most important preventative steps that you can take.

Regards,
capnkrunch
 
#26 ·
Hello capnkrunch

Thanks for all of your help. I have changed my information and I am ready to wipe this computer clean. Could you also help me with that? My version of Windows came with the computer so I am not sure where to get Windows again. Any suggestions?

ptichun
 