
Solved Painfully Slow Computer

Discussion in 'Virus & Other Malware Removal' started by ptichun, Jun 19, 2018.

Thread Status:
Not open for further replies.
  1. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Hi, yesterday I tried downloading some material from the internet and the computer installed a bunch of malware and viruses on the computer. Since then it has been extremely slow. I tried uninstalling programs that installed yesterday and was successful. Please help.

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 2908 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1326 Mb
    Hard Drives: C: 434 GB (22 GB Free); F: 465 GB (191 GB Free);
    Motherboard: TOSHIBA, KSWAA
    Antivirus: Microsoft Security Essentials, Enabled and Updated
     
  2. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    510
    Hello ptichun and welcome back to the Tech Support Guy Forums :)

    My name is capnkrunch and I will be helping you with your malware problems.

    Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
    • The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    • You must have Administrator rights, permissions for this computer.
    • DO NOT run any other fix or removal tools unless instructed to do so.
    • DO NOT install any other software (or hardware) during the cleaning process.
    • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
      Remember, absence of symptoms does mean the infection is all gone.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

    For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
    .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

     
  3. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    510
    Please run the following scan:

    FRST Scan
    • Please download FRST by Farbar, and save it to your Desktop.
      You need to download and run the 32-bit version.
    • Close all open programs and windows so you are at your Desktop.
    • Right click FRST.exe and select Run as administrator.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button and wait while the scan finishes.
    • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
      The logs can also be found in the same directory where FRST was run from.
    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

    In your next reply please include:
    • Did you have any problems with the instructions?
    • FRST.txt
    • Addition.txt
    • Are there any changes in computer behavior?
     
  4. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    1. No problems with the instructions.
    4. Computer behavior - other unknown programs' windows blink over the screen when you are doing some computer work.
     
  5. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19.06.2018
    Ran by ptichun (administrator) on SVEZNALICA (19-06-2018 14:06:16)
    Running from C:\Users\ptichun\Downloads
    Loaded Profiles: ptichun (Available Profiles: ptichun & Administrator)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Wireless Service) C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
    () C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
    (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Gold Click Ltd) C:\Program Files\ProxyGate\Cloud.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Gold Click Ltd) C:\Program Files\ProxyGate\PGChk.exe
    (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    (DivX, LLC) C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    (AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    () C:\Program Files\Hexagon\cans.exe
    () C:\Program Files\Hexagon\cans.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (© 2015 Microsoft Corporation) C:\Users\ptichun\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
    (Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    () C:\Program Files\postural\mccarren.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Melasys) C:\Users\ptichun\AppData\Local\ImpaqSpeed\qtspeedtest.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Program Files\Groundstrokes\Quayside.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
    () C:\Users\ptichun\AppData\Local\Latham.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefoxJu.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [274608 2010-11-23] (RealNetworks, Inc.)
    HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1057240 2017-11-17] (DivX, LLC)
    HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
    HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-05-22] (Apple Inc.)
    HKLM\...\Run: [Flayed] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Lentz] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Catastrophic] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Lady] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Scapegoats] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKLM\...\Run: [Bellotti] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [BingSvc] => C:\Users\ptichun\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Chromium] => c:\users\ptichun\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors)
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Technologies S.A.)
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Mclarty] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Cleave] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Momentum] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Featherbedding] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Harmonies] => C:\Program Files\schelling\Quayside.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [Shucks] => C:\Program Files\Groundstrokes\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [mccarren] => C:\Program Files\postural\mccarren.exe [44824 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [caper] => C:\Program Files\Dissatisfied\Latham.exe [203264 2018-06-18] ()
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Run: [ImpaqSpeed] => C:\Users\ptichun\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15774312 2018-05-21] (Melasys)
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\MountPoints2: {2a329238-ce02-11e0-a84e-002622ebfd92} - E:\LaunchU3.exe
    HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-10]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenville.lnk [2018-06-18]
    ShortcutTarget: greenville.lnk -> C:\Program Files\Dissatisfied\Latham.exe ()
    Startup: C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\greenvillegreenville.lnk [2018-06-18]
    ShortcutTarget: greenvillegreenville.lnk -> C:\Program Files\schelling\Quayside.exe ()
    BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50955;https=127.0.0.1:50955
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{0616128D-6371-4967-B2C1-BFAD6043F725}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{0616128D-6371-4967-B2C1-BFAD6043F725}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{69C0A4BD-10DF-4634-9868-861521F3C6BE}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{89F93CFB-3F38-40F9-B383-E16F12C1D582}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{98BA5D8D-9CCB-4208-A8C4-E1B6BCB132A2}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{DFD29AFC-4966-4800-9940-D36BB08AF495}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ca.yahoo.com/?fr=fp-yie9
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0375bd32&q={searchTerms}
    SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7a9c68e8&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
    SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061318-AD26CBEB7DD&form=CONBDF&conlogo=CT3335811&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7a9c68e8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {40F707B0-22D1-442B-9824-BF665554FCC8} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0375bd32&q={searchTerms}
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-20] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
    BHO: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files\Keepvid\KeepVid KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2018-02-02] ()
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
    DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Technologies)
    Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile: auwjiotq.default-1471367127920-1510800610513
    FF ProfilePath: C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\f4mvyrgd.default-1498053148872 [2018-06-18]
    FF ProfilePath: C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513 [2018-06-19]
    FF Homepage: Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513 -> about:home
    FF NewTab: Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513 -> hxxp://www.bing.com/?pc=COSP&ptag=D061318-AD26CBEB7DD&form=CONMHP&conlogo=CT3335811
    FF Extension: (SaveFrom.net helper) - C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513\Extensions\[email protected] [2018-06-18]
    FF SearchPlugin: C:\Users\ptichun\AppData\Roaming\Mozilla\Firefox\Profiles\auwjiotq.default-1471367127920-1510800610513\searchplugins\bing-lavasoft-ff59.xml [2018-06-13]
    FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\[email protected] [2018-05-09] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-04] [Legacy] [not signed]
    FF HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
    FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
    FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2101005229-1017427555-4036206314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ptichun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFemqrj-rMQQYj9WvYBYE0FaarNOnhNvfXQvx34KwIzzvuTrxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoG1GcnEQ_XpzuQqeGfpS2baVmUZQpltYr1il4ONFvOEVLqgBgcL4Pd51IpZJzznddpDeVUlq7blSF6QFdpFkfzNnKpPJ44zANdI60m5hktFaXgRfspziMfcD_lYJ237M_pxFV-_TtqK9cHMupac8pqa-cYrPU1XsK6LW-iQYYA,,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR Profile: C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
    CHR Extension: (Slides) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
    CHR Extension: (Docs) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
    CHR Extension: (Google Drive) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
    CHR Extension: (Google Search) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (Tampermonkey) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-18]
    CHR Extension: (Adobe Acrobat) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-24]
    CHR Extension: (Browser Hunt) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-09-11]
    CHR Extension: (Sheets) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
    CHR Extension: (Google Docs Offline) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Skype) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-05-06]
    CHR Extension: (Mountain Browse) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj [2017-09-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-11]
    CHR Extension: (Simple Finder Multi Region) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-06-18]
    CHR Extension: (Gmail) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-27]
    CHR Extension: (Chrome Media Router) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-06]
    CHR Extension: (System Table) - C:\Users\ptichun\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-06-18]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
    R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [181616 2009-07-17] (TOSHIBA CORPORATION)
    R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
    S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    R2 DbxSvc; C:\windows\system32\DbxSvc.exe [43344 2018-06-04] (Dropbox, Inc.)
    R2 D_Link_DWA-125; C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2009-08-21] (Wireless Service) [File not signed]
    R2 D_Link_DWA-125_WPS; C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe [40960 2009-07-07] () [File not signed]
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [322792 2018-03-26] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
    S2 pgt_svc; C:\Program Files\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
    R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
    S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop186.exe [517432 2018-05-21] (PandaViewer)
    S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [181616 2009-08-10] (TOSHIBA Corporation)
    S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
    S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
    S3 WsDrvInst; C:\Program Files\Keepvid\KeepVid KeepVid Pro\DriverInstall.exe [109688 2018-02-02] (Wondershare)
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 anodlwf; C:\windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
    R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
    R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
    R3 netr28u; C:\windows\System32\DRIVERS\Dnetr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
    R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
    S3 s117bus; C:\windows\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation)
    S3 s117mdfl; C:\windows\System32\DRIVERS\s117mdfl.sys [14888 2007-06-25] (MCCI Corporation)
    S3 s117mdm; C:\windows\System32\DRIVERS\s117mdm.sys [108456 2007-06-25] (MCCI Corporation)
    S3 s117mgmt; C:\windows\System32\DRIVERS\s117mgmt.sys [100264 2007-06-25] (MCCI Corporation)
    S3 s117nd5; C:\windows\System32\DRIVERS\s117nd5.sys [22952 2007-06-25] (MCCI Corporation)
    S3 s117obex; C:\windows\System32\DRIVERS\s117obex.sys [98344 2007-06-25] (MCCI Corporation)
    S3 s117unic; C:\windows\System32\DRIVERS\s117unic.sys [98856 2007-06-25] (MCCI Corporation)
    R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
    U0 aswVmm; no ImagePath
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S1 netfilter2; system32\drivers\netfilter2.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-19 14:06 - 2018-06-19 14:20 - 000030051 _____ C:\Users\ptichun\Downloads\FRST.txt
    2018-06-19 14:04 - 2018-06-19 14:06 - 000000000 ____D C:\FRST
    2018-06-19 14:01 - 2018-06-19 14:02 - 001773568 _____ (Farbar) C:\Users\ptichun\Downloads\FRST.exe
    2018-06-19 07:11 - 2018-06-19 07:11 - 000748192 _____ (TechGuy, Inc.) C:\Users\ptichun\Downloads\SysInfo(2).exe
    2018-06-19 07:09 - 2018-06-19 07:09 - 000748192 _____ (TechGuy, Inc.) C:\Users\ptichun\Downloads\SysInfo(1).exe
    2018-06-19 06:03 - 2018-06-19 06:12 - 002709624 _____ C:\windows\ntbtlog.txt
    2018-06-18 18:55 - 2018-06-18 18:55 - 000000000 ____D C:\Users\ptichun\AppData\Local\ImpaqSpeed
    2018-06-18 18:44 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
    2018-06-18 18:44 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\NCWS1MPIV7
    2018-06-18 18:27 - 2018-06-18 18:27 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\OneSystemCare
    2018-06-18 18:27 - 2018-06-18 18:27 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\FastDataX
    2018-06-18 18:25 - 2018-06-18 18:25 - 000145456 _____ C:\windows\Minidump\061818-71791-01.dmp
    2018-06-18 09:21 - 2018-06-18 16:55 - 000082432 _____ (ahjqtbs) C:\Users\ptichun\AppData\Roaming\command.dll
    2018-06-18 07:36 - 2018-06-18 07:36 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2018-06-18 07:29 - 2018-06-18 07:46 - 000000000 ____D C:\Program Files\CY7UKLC70G
    2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\uf3r21up1fz
    2018-06-18 06:38 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\74B1NTFBRT
    2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\se4whuag0ky
    2018-06-18 06:30 - 2018-06-18 06:30 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\f4rbsw5zee1
    2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\ZL9TZMZ5PE
    2018-06-18 06:29 - 2018-06-18 06:30 - 000000000 ____D C:\Program Files\M41QM9F4J5
    2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\qhtybw0wvmx
    2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\moztjnjsxyu
    2018-06-18 06:28 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\e32exah2ukl
    2018-06-18 06:27 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\c5koq5i2kl1
    2018-06-18 06:23 - 2018-06-18 06:23 - 000000000 ____D C:\Program Files\ZP5JQ90FKY
    2018-06-18 06:15 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AT31O40NII
    2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5k4lcptyol1
    2018-06-18 06:14 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3z5gjlt5qci
    2018-06-18 06:14 - 2018-06-18 06:15 - 000000000 ____D C:\Program Files\4OV5D3E3ZM
    2018-06-18 06:14 - 2018-06-18 06:14 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\spog5xmyzlf
    2018-06-18 06:09 - 2018-06-18 06:09 - 002948240 _____ (BitTorrent Inc.) C:\Users\ptichun\Incredibles 2 2018 NEW HDCAM X264
    2018-06-18 06:07 - 2018-06-18 06:07 - 000000012 _____ C:\windows\b8998883
    2018-06-18 06:06 - 2018-06-18 06:07 - 000000000 ____D C:\Program Files\ProxyGate
    2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\postural
    2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ___HD C:\Program Files\Groundstrokes
    2018-06-18 06:06 - 2018-06-18 06:06 - 000000000 ____D C:\Program Files\obo
    2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\schelling
    2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Hexagon
    2018-06-18 06:05 - 2018-06-18 06:05 - 000000000 ____D C:\Program Files\Dissatisfied
    2018-06-18 06:04 - 2018-06-18 18:46 - 000000000 ____D C:\ProgramData\yahoochrome_D
    2018-06-18 06:04 - 2018-06-18 06:05 - 000000000 ____D C:\Users\ptichun\AppData\Local\Package Cache
    2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\w3bxmavwtvf
    2018-06-18 06:03 - 2018-06-18 06:03 - 000000000 ____D C:\Program Files\L1L39K74D5
    2018-06-18 06:02 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\0756KZBAPD
    2018-06-18 06:02 - 2018-06-18 06:43 - 000000000 ____D C:\Program Files\Multitimer
    2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\acnfk1yolmo
    2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\AAAZZZ
    2018-06-18 06:01 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\7IYDGNJIHD
    2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\gpezmwclh54
    2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\3nwf3zdl1oa
    2018-06-18 06:00 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\HLQVFPEM5V
    2018-06-18 06:00 - 2018-06-18 06:00 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\5a55opst0te
    2018-06-18 05:59 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\U33K7RH5VK
    2018-06-18 05:58 - 2018-06-19 06:25 - 000000000 ____D C:\Program Files\AnonymizerGadget
    2018-06-18 05:58 - 2018-06-19 06:24 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\WidModule
    2018-06-18 05:58 - 2018-06-19 06:10 - 000000000 ____D C:\Program Files\ios0vrked4g
    2018-06-18 05:58 - 2018-06-19 06:09 - 000000000 ____D C:\Program Files\85ZBGYIRU1
    2018-06-18 05:58 - 2018-06-18 06:48 - 000000000 ____D C:\Program Files\cleanComputerNew
    2018-06-18 05:58 - 2018-06-18 06:06 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\AGData
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001094 _____ C:\Users\ptichun\Desktop\Adult Dating.lnk
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Warframe.lnk
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001090 _____ C:\Users\ptichun\Desktop\Play Crossout.lnk
    2018-06-18 05:57 - 2018-06-18 05:57 - 000001086 _____ C:\Users\ptichun\Desktop\Win iPhone X.lnk
    2018-06-18 05:50 - 2018-06-18 05:50 - 000763096 _____ (WinZip Computing, S.L.) C:\Users\ptichun\Downloads\winzip22.exe
    2018-06-18 05:28 - 2018-06-18 05:28 - 000732164 _____ C:\Users\ptichun\Downloads\Incredibles_2_2018_NEW_HDCAM_X264.rar
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\windows\grail.exe
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\Users\ptichun\AppData\Local\Quayside.exe
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ C:\Users\ptichun\AppData\Local\Latham.exe
    2018-06-13 13:08 - 2018-06-13 13:08 - 000000000 ____D C:\Users\ptichun\Downloads\The.Incredibles.2.DVDrip
    2018-06-13 12:55 - 2018-06-13 12:58 - 000000000 ____D C:\Users\ptichun\Downloads\The Incredibles (2004)
    2018-06-13 09:58 - 2018-05-29 12:40 - 000348824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2018-06-13 09:58 - 2018-05-28 19:32 - 004050624 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2018-06-13 09:58 - 2018-05-28 19:32 - 003962048 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2018-06-13 09:58 - 2018-05-28 19:32 - 000189632 _____ (Microsoft Corporation) C:\windows\system32\halmacpi.dll
    2018-06-13 09:58 - 2018-05-28 19:32 - 000189632 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
    2018-06-13 09:58 - 2018-05-28 19:32 - 000137920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2018-06-13 09:58 - 2018-05-28 19:32 - 000136384 _____ (Microsoft Corporation) C:\windows\system32\halacpi.dll
    2018-06-13 09:58 - 2018-05-28 19:32 - 000067264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2018-06-13 09:58 - 2018-05-28 19:25 - 001310480 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2018-06-13 09:58 - 2018-05-28 19:22 - 001063424 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2018-06-13 09:58 - 2018-05-28 19:22 - 000655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2018-06-13 09:58 - 2018-05-28 19:22 - 000644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2018-06-13 09:58 - 2018-05-28 19:22 - 000554496 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2018-06-13 09:58 - 2018-05-28 19:22 - 000082432 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
    2018-06-13 09:58 - 2018-05-28 19:01 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
    2018-06-13 09:58 - 2018-05-28 18:59 - 000124928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2018-06-13 09:58 - 2018-05-28 18:58 - 000069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2018-06-13 09:58 - 2018-05-28 17:04 - 000535616 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2018-06-13 09:58 - 2018-05-24 21:34 - 020286976 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2018-06-13 09:58 - 2018-05-24 21:16 - 000499712 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2018-06-13 09:58 - 2018-05-24 21:15 - 000341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2018-06-13 09:58 - 2018-05-24 21:12 - 002295296 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2018-06-13 09:58 - 2018-05-24 21:09 - 000047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2018-06-13 09:58 - 2018-05-24 21:07 - 000476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2018-06-13 09:58 - 2018-05-24 21:06 - 000662016 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2018-06-13 09:58 - 2018-05-24 21:05 - 000620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2018-06-13 09:58 - 2018-05-24 21:05 - 000115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2018-06-13 09:58 - 2018-05-24 20:59 - 000668160 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2018-06-13 09:58 - 2018-05-24 20:57 - 000416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2018-06-13 09:58 - 2018-05-24 20:49 - 000168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2018-06-13 09:58 - 2018-05-24 20:48 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2018-06-13 09:58 - 2018-05-24 20:47 - 000279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2018-06-13 09:58 - 2018-05-24 20:45 - 000130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2018-06-13 09:58 - 2018-05-24 20:42 - 004496896 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2018-06-13 09:58 - 2018-05-24 20:40 - 000230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2018-06-13 09:58 - 2018-05-24 20:39 - 000696320 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2018-06-13 09:58 - 2018-05-24 20:38 - 013679616 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2018-06-13 09:58 - 2018-05-24 20:38 - 002060288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2018-06-13 09:58 - 2018-05-24 20:38 - 000692224 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2018-06-13 09:58 - 2018-05-24 20:37 - 001155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2018-06-13 09:58 - 2018-05-24 20:19 - 002767872 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2018-06-13 09:58 - 2018-05-24 20:15 - 001314304 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2018-06-13 09:58 - 2018-05-24 20:14 - 000710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2018-06-13 09:58 - 2018-05-14 20:44 - 001214656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
    2018-06-13 09:58 - 2018-05-14 20:13 - 003207168 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2018-06-13 09:58 - 2018-05-14 20:13 - 000782848 _____ (Microsoft Corporation) C:\windows\system32\webservices.dll
    2018-06-13 09:58 - 2018-05-14 20:13 - 000103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2018-06-13 09:58 - 2018-05-14 20:13 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
    2018-06-13 09:58 - 2018-05-14 20:01 - 000023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
    2018-06-13 09:58 - 2018-05-14 18:09 - 000410080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2018-06-13 09:58 - 2018-05-14 18:09 - 000374872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2018-06-13 09:58 - 2018-05-11 18:56 - 000056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
    2018-06-13 09:58 - 2018-05-11 18:56 - 000025984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
    2018-06-13 09:58 - 2018-05-11 18:56 - 000024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
    2018-06-13 09:58 - 2018-05-10 17:40 - 000741888 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2018-06-13 09:58 - 2018-05-10 17:39 - 000084992 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2018-06-13 09:58 - 2018-04-06 09:38 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000261120 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000254464 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2018-06-13 09:57 - 2018-05-28 19:22 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2018-06-13 09:57 - 2018-05-28 19:03 - 000097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2018-06-13 09:57 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2018-06-13 09:57 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2018-06-13 09:57 - 2018-05-28 19:03 - 000029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2018-06-13 09:57 - 2018-05-28 19:03 - 000016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2018-06-13 09:57 - 2018-05-28 19:01 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2018-06-13 09:57 - 2018-05-28 18:59 - 000226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2018-06-13 09:57 - 2018-05-28 18:59 - 000098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2018-06-13 09:57 - 2018-05-28 18:58 - 000036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2018-06-13 09:57 - 2018-05-28 18:58 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2018-06-13 09:57 - 2018-05-28 18:58 - 000015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2018-06-13 09:57 - 2018-05-24 21:28 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2018-06-13 09:57 - 2018-05-24 21:28 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2018-06-13 09:57 - 2018-05-24 21:16 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2018-06-13 09:57 - 2018-05-24 21:15 - 000047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2018-06-13 09:57 - 2018-05-24 21:14 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2018-06-13 09:57 - 2018-05-24 21:08 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2018-06-13 09:57 - 2018-05-24 21:06 - 000104960 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2018-06-13 09:57 - 2018-05-24 20:52 - 000073216 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2018-06-13 09:57 - 2018-05-24 20:52 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2018-06-13 09:57 - 2018-05-24 20:51 - 000091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2018-06-13 09:57 - 2018-05-14 20:01 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
    2018-06-13 09:57 - 2018-05-10 17:40 - 000084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
    2018-06-09 18:34 - 2018-06-09 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2018-06-07 19:36 - 2018-06-07 19:36 - 067752149 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 9, Ep 10_ Head Games.mp4
    2018-06-07 19:11 - 2018-06-07 19:11 - 067428038 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 12, Ep 5_ Quite a Spectacle.mp4
    2018-06-07 13:08 - 2018-06-07 13:08 - 054842706 _____ C:\Users\ptichun\Downloads\What Does Not Guilty By Reason Of Insanity Mean.mp4
    2018-06-07 12:41 - 2018-06-07 12:44 - 292067548 _____ C:\Users\ptichun\Downloads\CSI_ Reality! Real life Forensic Psychiatrist Tara Straker talks criminals.mp4
    2018-06-07 12:34 - 2018-06-07 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2018-06-05 19:25 - 2018-06-05 19:26 - 084553979 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 2 Ep 6_ The Blood Trail.mp4
    2018-06-05 19:17 - 2018-06-05 19:18 - 081292653 _____ C:\Users\ptichun\Downloads\Forensic Files - Season 2 Ep 4_ Sex, Lies, and DNA.mp4
    2018-06-05 16:38 - 2018-06-05 16:39 - 153315200 _____ C:\Users\ptichun\Downloads\Forensic Files in HD - Season 13 Ep 20_ DNA Dragnet.mp4
    2018-06-05 16:28 - 2018-06-05 16:28 - 000000000 ____D C:\Program Files\Common Files\Avast Software
    2018-06-05 06:13 - 2018-06-05 06:15 - 156298723 _____ C:\Users\ptichun\Downloads\DNA The Secret of Photo 51.mp4
    2018-06-04 03:18 - 2018-06-04 03:18 - 000043344 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
    2018-06-04 03:18 - 2018-06-04 03:18 - 000038968 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
    2018-06-04 03:18 - 2018-06-04 03:18 - 000035432 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
    2018-06-04 03:18 - 2018-06-04 03:18 - 000035408 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
    2018-06-03 18:50 - 2018-06-03 19:12 - 035851785 _____ C:\Users\ptichun\Downloads\Forensic Files Death By Poison Dessert Served Cold 2.mp4
    2018-06-03 18:46 - 2018-06-03 19:11 - 042949657 _____ C:\Users\ptichun\Downloads\Forensic Files Death By Poison Dessert Served Cold 1.mp4
    2018-06-03 18:26 - 2018-06-03 19:10 - 091985802 _____ C:\Users\ptichun\Downloads\Forensic Files_ Season 1 Ep 11 Outbreak.mp4
    2018-06-03 09:07 - 2018-06-03 09:07 - 000001718 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-06-03 09:07 - 2018-06-03 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-06-03 09:05 - 2018-06-03 09:07 - 000000000 ____D C:\Program Files\iTunes
    2018-05-25 07:39 - 2018-05-25 08:03 - 047050226 _____ C:\Users\ptichun\Downloads\Balancing Chemical Equations Practice Problems.mp4
    2018-05-25 07:18 - 2018-05-25 07:38 - 053286552 _____ C:\Users\ptichun\Downloads\Introduction to Balancing Chemical Equations.mp4

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-19 14:23 - 2010-08-02 00:20 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\Skype
    2018-06-19 14:10 - 2014-09-03 10:46 - 000000000 ____D C:\Users\ptichun\Documents\Nogomet
    2018-06-19 13:26 - 2015-06-11 13:14 - 000000898 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
    2018-06-19 10:25 - 2015-06-11 13:14 - 000000894 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
    2018-06-19 08:30 - 2009-07-13 21:34 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-06-19 08:30 - 2009-07-13 21:34 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-06-19 07:41 - 2016-09-25 09:03 - 000000000 ____D C:\Users\ptichun\AppData\LocalLow\Mozilla
    2018-06-19 07:07 - 2011-05-29 18:00 - 000000000 ____D C:\Program Files\Canon
    2018-06-19 07:04 - 2011-05-29 18:10 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\Canon
    2018-06-19 07:00 - 2009-07-13 19:37 - 000000000 ____D C:\windows\inf
    2018-06-19 06:39 - 2014-11-20 22:07 - 000000000 ____D C:\ProgramData\WinZip
    2018-06-19 06:22 - 2017-10-24 19:13 - 000000382 _____ C:\windows\Tasks\FreeFileViewerUpdateChecker.job
    2018-06-19 06:17 - 2011-10-06 00:08 - 000000007 _____ C:\windows\system32\ANIWZCSUSERNAME{DFD29AFC-4966-4800-9940-D36BB08AF495}
    2018-06-19 06:17 - 2009-07-13 21:53 - 000000006 ____H C:\windows\Tasks\SA.DAT
    2018-06-18 18:25 - 2014-11-16 12:16 - 000000000 ____D C:\windows\Minidump
    2018-06-18 09:24 - 2016-03-21 09:15 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\Opera Software
    2018-06-18 06:34 - 2017-06-10 06:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-06-18 06:34 - 2015-08-18 13:44 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2018-06-18 06:32 - 2016-11-06 21:29 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\BitTorrent
    2018-06-18 06:16 - 2011-12-03 20:04 - 000000000 ____D C:\Users\ptichun\AppData\Roaming\vlc
    2018-06-18 06:09 - 2009-12-26 23:02 - 000000000 ____D C:\Users\ptichun
    2018-06-18 05:58 - 2009-12-26 12:34 - 000000000 ____D C:\Program Files\Google
    2018-06-17 23:24 - 2009-07-13 19:37 - 000000000 ____D C:\windows\rescache
    2018-06-17 21:51 - 2009-12-26 12:21 - 000730532 _____ C:\windows\system32\PerfStringBackup.INI
    2018-06-14 15:04 - 2016-10-07 11:57 - 000000000 ____D C:\Users\ptichun\Documents\My Scans
    2018-06-14 14:38 - 2018-03-30 14:16 - 000000000 ____D C:\Users\ptichun\AppData\LocalLow\BitTorrent
    2018-06-14 03:20 - 2013-07-10 10:59 - 000000000 ____D C:\windows\system32\MRT
    2018-06-14 03:09 - 2017-10-11 22:52 - 130354992 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
    2018-06-14 03:09 - 2009-12-28 02:55 - 130354992 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
    2018-06-13 12:56 - 2016-11-06 21:31 - 000000887 _____ C:\Users\ptichun\Desktop\BitTorrent.lnk
    2018-06-13 12:56 - 2016-11-06 21:31 - 000000867 _____ C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2018-06-13 09:53 - 2015-05-03 11:39 - 000000000 ____D C:\Users\ptichun\Documents\My Filehippo Downloads
    2018-06-13 06:47 - 2015-02-15 23:34 - 000846848 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2018-06-13 06:47 - 2015-02-15 23:34 - 000175616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2018-06-13 06:47 - 2009-12-26 12:29 - 000000000 ____D C:\windows\system32\Macromed
    2018-06-13 06:40 - 2013-02-21 16:56 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-06-13 06:40 - 2013-02-21 16:56 - 000002100 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-06-07 14:28 - 2016-11-06 20:40 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-06-07 12:35 - 2015-06-11 13:14 - 000000000 ____D C:\Program Files\Dropbox
    2018-06-03 12:38 - 2011-12-03 19:53 - 000000999 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2018-06-03 09:07 - 2016-09-14 09:42 - 000000000 ____D C:\Program Files\iPod

    ==================== Files in the root of some directories =======

    2016-11-06 20:26 - 2016-11-06 20:28 - 007299584 _____ () C:\Users\ptichun\AppData\Roaming\agent.dat
    2011-10-05 23:44 - 2011-10-05 23:44 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{BCB7DA77-C4C7-49FD-A240-0ABA917BDB77}.ini
    2013-03-25 05:02 - 2015-01-27 19:35 - 000000258 _____ () C:\Users\ptichun\AppData\Roaming\ANICONFIG_{DFD29AFC-4966-4800-9940-D36BB08AF495}.ini
    2011-10-06 00:09 - 2015-07-19 19:24 - 000003284 _____ () C:\Users\ptichun\AppData\Roaming\ANIWZCS{DFD29AFC-4966-4800-9940-D36BB08AF495}
    2018-06-18 09:21 - 2018-06-18 16:55 - 000082432 _____ (ahjqtbs) C:\Users\ptichun\AppData\Roaming\command.dll
    2016-11-06 20:24 - 2016-11-06 20:24 - 000140288 _____ () C:\Users\ptichun\AppData\Roaming\Installer.dat
    2016-11-06 20:26 - 2016-11-06 20:28 - 000018432 _____ () C:\Users\ptichun\AppData\Roaming\Main.dat
    2014-11-20 23:07 - 2015-02-08 11:08 - 000000194 _____ () C:\Users\ptichun\AppData\Roaming\WB.CFG
    2010-05-15 12:16 - 2010-05-15 12:16 - 000000000 _____ () C:\Users\ptichun\AppData\Roaming\wklnhst.dat
    2011-04-02 19:17 - 2011-04-02 19:17 - 000001550 ___SH () C:\Users\ptichun\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
    2015-09-27 09:08 - 2015-11-15 20:47 - 000183255 _____ () C:\Users\ptichun\AppData\Local\ars.cache
    2015-09-27 09:08 - 2015-11-15 20:47 - 000441317 _____ () C:\Users\ptichun\AppData\Local\census.cache
    2012-02-29 23:04 - 2018-04-18 16:03 - 000010240 _____ () C:\Users\ptichun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-11-22 12:29 - 2014-12-17 01:07 - 000000001 _____ () C:\Users\ptichun\AppData\Local\DSI.DAT
    2015-09-26 09:40 - 2015-09-26 09:40 - 000000036 _____ () C:\Users\ptichun\AppData\Local\housecall.guid.cache
    2011-01-21 12:27 - 2011-01-21 12:27 - 000004096 ____H () C:\Users\ptichun\AppData\Local\keyfile3.drm
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Users\ptichun\AppData\Local\Latham.exe
    2011-09-04 02:02 - 2011-09-04 02:02 - 000000000 _____ () C:\Users\ptichun\AppData\Local\Pnumog.bin
    2011-09-04 02:02 - 2011-09-04 02:02 - 000000120 _____ () C:\Users\ptichun\AppData\Local\Pyegoxired.dat
    2011-04-02 19:17 - 2011-04-02 19:17 - 000114688 ___SH (Microsoft Corporation) C:\Users\ptichun\AppData\Local\qgp.exe
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Users\ptichun\AppData\Local\Quayside.exe
    2015-09-27 09:05 - 2015-11-15 20:43 - 000000010 _____ () C:\Users\ptichun\AppData\Local\sponge.last.runtime.cache
    2015-11-05 23:05 - 2015-11-05 23:06 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{3862AE44-B056-4D19-A9AE-2CE1126EBDB3}
    2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{5AFA009C-BEA2-4175-AE4B-623C88EDD3C3}
    2016-07-15 19:27 - 2016-07-15 19:27 - 000000000 _____ () C:\Users\ptichun\AppData\Local\{92397A79-A984-49F7-9392-161E9112C5B5}

    Files to move or delete:
    ====================
    C:\Program Files\Google\Chrome\Application\winhttp.dll


    Some files in TEMP:
    ====================
    2018-06-18 06:03 - 2018-06-18 06:03 - 001537784 _____ (BANANA SUMMER LIMITED) C:\Users\ptichun\AppData\Local\Temp\1529327006RlVtmpdown.exe
    2018-06-18 07:30 - 2018-06-18 07:30 - 001537784 _____ (BANANA SUMMER LIMITED) C:\Users\ptichun\AppData\Local\Temp\1529332116RlVtmpdown.exe
    2018-06-18 18:44 - 2018-06-18 18:45 - 001537784 _____ (BANANA SUMMER LIMITED) C:\Users\ptichun\AppData\Local\Temp\1529372696RlVtmpdown.exe
    2018-06-18 05:57 - 2018-06-18 05:57 - 000920448 _____ () C:\Users\ptichun\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
    2018-06-18 05:57 - 2018-06-18 05:57 - 000450370 _____ (Chi5 ) C:\Users\ptichun\AppData\Local\Temp\global_installer.exe
    2018-06-18 05:58 - 2018-06-18 05:58 - 000768253 _____ (qwVbBgK7gezpge4ICzVj ) C:\Users\ptichun\AppData\Local\Temp\installer.exe
    2017-04-23 18:47 - 2017-04-23 18:47 - 000739904 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u131-windows-au.exe
    2017-07-19 14:45 - 2017-07-19 14:45 - 000739904 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u141-windows-au.exe
    2017-10-20 18:37 - 2017-10-20 18:37 - 001856576 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u151-windows-au.exe
    2018-01-27 10:53 - 2018-01-27 10:53 - 001864256 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u161-windows-au.exe
    2018-04-19 16:54 - 2018-04-19 16:54 - 001884616 _____ (Oracle Corporation) C:\Users\ptichun\AppData\Local\Temp\jre-8u171-windows-au.exe
    2018-02-26 23:14 - 2018-02-26 23:22 - 081400536 _____ (KeepVid Studio ) C:\Users\ptichun\AppData\Local\Temp\keepvid-pro_full2578.exe
    2018-06-19 07:04 - 2007-02-15 08:59 - 000308832 ____H (CANON INC.) C:\Users\ptichun\AppData\Local\Temp\Maint000.exe
    2018-06-18 06:02 - 2018-06-18 06:02 - 000375522 _____ ( ) C:\Users\ptichun\AppData\Local\Temp\q2i3mrcvzix.exe
    2018-04-10 20:30 - 2018-04-10 20:31 - 058834376 _____ (Skype Technologies S.A.) C:\Users\ptichun\AppData\Local\Temp\SkypeSetup.exe
    2018-06-19 07:06 - 2007-05-14 09:01 - 000116328 _____ (CANON INC.) C:\Users\ptichun\AppData\Local\Temp\uninst.exe
    2018-06-19 07:03 - 2007-01-05 17:10 - 000239200 ____R () C:\Users\ptichun\AppData\Local\Temp\uninstall.exe
    2017-03-16 08:16 - 2017-03-16 08:17 - 014456872 _____ (Microsoft Corporation) C:\Users\ptichun\AppData\Local\Temp\vc_redist.x86.exe
    2018-01-25 18:00 - 2018-01-25 18:00 - 000057346 _____ () C:\Users\ptichun\AppData\Local\Temp\{A126DDAB-F8EE-4019-8417-3D0F1A7B0149}-DropboxClient_42.4.114.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-17 23:15

    ==================== End of FRST.txt ============================
     
  6. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19.06.2018
    Ran by ptichun (19-06-2018 14:26:24)
    Running from C:\Users\ptichun\Downloads
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-12-27 06:01:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2101005229-1017427555-4036206314-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2101005229-1017427555-4036206314-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2101005229-1017427555-4036206314-1002 - Limited - Enabled)
    ptichun (S-1-5-21-2101005229-1017427555-4036206314-1000 - Administrator - Enabled) => C:\Users\ptichun

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 18.05 (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
    Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.122 - Adobe Systems Incorporated)
    Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
    Aimersoft Helper Compact 2.5.2 (HKLM\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
    Apple Application Support (32-bit) (HKLM\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{F9055C0A-F9F9-4EE1-8554-80BEBA0B43F4}) (Version: 11.3.3.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    BitTorrent (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\BitTorrent) (Version: 7.10.3.44429 - BitTorrent Inc.)
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.255 - DivX, LLC)
    Dropbox (HKLM\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
    File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
    Free CDA To MP3 Converter (HKLM\...\{B633C3BA-23BE-45E8-BF8B-9749FCBFA340}}_is1) (Version: 1.0.0.0 - Convert Audio Free)
    Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    FreeRIP MP3 Converter 5.5.0.2 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.5.0.2 - GreenTree Applications SRL)
    GoldWave v5.70 (HKLM\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
    Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    iCloud (HKLM\...\{FAF5F9DA-73F2-4BF3-8268-E45AAC42B533}) (Version: 7.5.0.34 - Apple Inc.)
    Impaq Speed (HKLM\...\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}) (Version: 1.0.3.0 - Melasys LLC) Hidden
    Impaq Speed (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
    iTunes (HKLM\...\{A0274977-870A-42EA-ACB8-E1AAFECB3855}) (Version: 12.7.5.9 - Apple Inc.)
    Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
    Java 8 Update 172 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
    KeepVid Pro(Build 7.1.2.1) (HKLM\...\KeepVid Pro_is1) (Version: 7.1.2.1 - KeepVid Studio)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 61.0 (x86 en-US) (HKLM\...\Mozilla Firefox 61.0 (x86 en-US)) (Version: 61.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.0.6739 - Mozilla)
    SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
    Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.41 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
    swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
    Unity Web Player (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
    VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\ptichun\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
    ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-10-23] (Microsoft Corporation)
    ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-05-23] (Apple Inc.)
    ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
    ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-10-23] (Microsoft Corporation)
    ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-10-23] (Microsoft Corporation)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
    ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
    ContextMenuHandlers1_S-1-5-21-2101005229-1017427555-4036206314-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers4_S-1-5-21-2101005229-1017427555-4036206314-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers5_S-1-5-21-2101005229-1017427555-4036206314-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1070FA7D-D445-418E-B922-72AC5D65DB13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {1346CA0C-CC23-4B72-B3CD-B0EFCBA1FC74} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-05] (AVAST Software)
    Task: {165F9D15-9CEC-4C98-80D5-CF5C9A4C0804} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
    Task: {1AB0D5FD-9EC3-477C-9CC7-B7D4E9D13831} - System32\Tasks\{5D89B307-EDE2-4951-BD60-166E17D3AF2E} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {1DBA5D4C-29D8-42C9-8E2F-042A4D96D32D} - System32\Tasks\{AC862A04-40D6-4C73-97C2-21F65B9B2497} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {22B4AC95-006A-47F3-A56C-1D295ABFDABE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
    Task: {257D7536-8D4E-4EC7-943C-649D6C8A41A5} - System32\Tasks\{CA68FBC6-1B51-44AA-80FD-2FEF85442571} => C:\windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Trioflex\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Trioflex\uninstall.dat" -a uninstallme 6A5B1B25-62DB-4563-A778-A94EA7139FD4 DeviceId=85946c09-325a-60e2-2064-214b59f2edab BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    Task: {29415BBD-E024-4DF4-971F-8CC1F3523306} - System32\Tasks\rivalingrivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
    Task: {2FE78412-A181-4842-A8D3-0A7E1058146A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {3B5418DF-29DB-4059-B277-1D0826F86CE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {3C836C34-7A58-47A6-BAC4-490B76105B68} - System32\Tasks\{50657BB7-E80B-4115-BBA3-D996EA7E6029} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {3D3DC4DD-752F-40D1-83D4-781DBE763F42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C} - System32\Tasks\FastDataX Task => C:\PROGRA~1\FASTDA~1\FASTDA~1.EXE
    Task: {4CC0CDE3-9EA9-4341-8A89-F0721523D448} - System32\Tasks\{E07346AA-9B32-4523-A9EA-1BD45BF71D2D} => "c:\program files\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {4DF1AC09-F5DB-494A-95EC-AC233B237157} - System32\Tasks\{8C626080-7FFC-4A12-AC9D-BE0EE476C53D} => C:\Users\ptichun\AppData\Local\Ubisoft\The Settlers Online\nw.exe
    Task: {55DB6796-D81F-4D12-B9D4-8B67DA45DD13} - System32\Tasks\{0029A57E-F760-48FA-802F-78B0B84C0CAC} => "c:\program files\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {5CB45FE8-F96B-4E51-A73D-19422B99F2A0} - System32\Tasks\hereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
    Task: {6605221F-B551-4745-950B-73C5C88C38A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-13] (Adobe Systems Incorporated)
    Task: {67357DE5-CB82-4735-886E-11D3067DD671} - System32\Tasks\gobsgobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
    Task: {74867C31-8CF7-4CF0-A6B5-16539C311965} - System32\Tasks\swindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
    Task: {762862D4-B57D-4178-A89F-8680DF2DAEAB} - System32\Tasks\analogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
    Task: {85607212-AD9C-4CB9-BB31-7076F0FD9D44} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {877F6332-03CF-4A40-B390-8E0D65852BC8} - System32\Tasks\{17AA3959-20AD-4084-A48F-83BD0402FBA0} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/go/help.faq.installer?source=lightinstaller&LastError=1618
    Task: {882F4CC5-109E-4A0C-AD0C-468269C35C9B} - System32\Tasks\dastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
    Task: {92145C90-0F1A-4BB7-9A50-1F15F1E63384} - System32\Tasks\{B312BCDD-603F-4AD9-80AF-373EE41CBAFC} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {9DBBA833-D776-4F27-B8D9-AE67BDB17CC4} - System32\Tasks\{83A38A21-17D0-4618-9CFA-00C4D6DE7FDC} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {A23DDECB-365E-4BFF-BFAD-C1ABB20E3313} - System32\Tasks\analogs refuges teagleanalogs refuges teagle => C:\Users\ptichun\AppData\Local\Latham.exe [2018-06-18] ()
    Task: {AA79F2C4-C549-42EC-AA1C-204485F145A5} - System32\Tasks\{BF265605-086D-4482-AB78-3EF88BB2D2F5} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {AB2C4846-AB1D-4650-A77E-B9E0B1B62ABA} - System32\Tasks\{2D71181B-7CA4-4EBD-A63F-6B5C3122D48C} => C:\windows\system32\pcalua.exe -a C:\Users\ptichun\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
    Task: {AC1F53B6-F7A2-4F7A-90FD-CFEC6C924700} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {ACB8185B-EEE8-4FD0-8784-B34D731704B0} - System32\Tasks\swindle cuspswindle cusp => C:\Program Files\Groundstrokes\Quayside.exe [2018-06-18] ()
    Task: {ACCF0087-55A6-4BD4-83D9-8FE17CD5E0D3} - System32\Tasks\bridesmaids-kepbridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
    Task: {AEE33D35-A8BD-4090-9E49-BBFDDDCAD990} - System32\Tasks\{ED177097-B70A-4B0F-9051-4DA7833E365C} => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [2015-09-02] ()
    Task: {B6D8396F-4F20-40C4-AB7F-4EFDF3B65C6C} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-06-14] (DivX, LLC)
    Task: {BE9F58A7-E3FB-472A-8A14-7330306252B1} - System32\Tasks\dastardly_arbitragedastardly_arbitrage => C:\Program Files\Groundstrokes\Latham.exe [2018-06-18] ()
    Task: {C28041AA-B571-46D8-A201-E27926C02F26} - System32\Tasks\hereafter_lobhereafter_lob => C:\Users\ptichun\AppData\Local\Quayside.exe [2018-06-18] ()
    Task: {C3CFAE26-386D-4E74-8C1D-2174A477A639} - System32\Tasks\rivaling => C:\Program Files\Dissatisfied\Latham.exe [2018-06-18] ()
    Task: {C831D44E-71AE-441A-810C-1DD78E21502B} - System32\Tasks\repertoiresrepertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
    Task: {DEC0B544-75CA-409E-9430-D9804C5D8C86} - System32\Tasks\{907E8093-FE8D-418F-8045-769AF23EF5E5} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1603
    Task: {E026396D-6587-4B7B-A9EA-394E079C5F5C} - System32\Tasks\repertoires => C:\Program Files\obo\obo.exe [2018-06-18] ()
    Task: {E7804E13-2C25-434C-91AA-77F568488644} - System32\Tasks\gobs => C:\Program Files\Hexagon\cans.exe [2018-06-18] ()
    Task: {EBDC4BAA-2978-44F5-8552-8928462F08DD} - \Palikan midar -> No File <==== ATTENTION
    Task: {F322950B-4458-43CE-8E8D-29BFCEC36CF9} - System32\Tasks\bridesmaids-kep => C:\Program Files\schelling\Quayside.exe [2018-06-18] ()
    Task: {F42E37B7-F9A2-4DEB-8B3F-00FF31EDBAE5} - System32\Tasks\{7D07CB32-6F90-4071-80A3-570BA974DF71} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1618

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-05-15 18:59 - 2018-05-15 18:59 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-10-06 00:08 - 2011-10-06 00:08 - 000315392 _____ () C:\Program Files\D-Link\DWA-125 revA\ANPDApi.dll
    2011-10-06 00:08 - 2009-10-19 18:59 - 000274432 _____ () C:\Program Files\D-Link\DWA-125 revA\WlanApp.dll
    2011-10-06 00:08 - 2009-07-07 19:49 - 000040960 _____ () C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
    2018-06-07 12:32 - 2018-06-04 03:18 - 001107272 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
    2018-06-07 12:32 - 2018-06-04 03:18 - 002079048 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
    2018-06-07 12:33 - 2018-06-04 03:21 - 000106816 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000025408 _____ () C:\Program Files\Dropbox\Client\select.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000020808 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000042312 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000700736 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000021856 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000137032 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 001845600 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000022880 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000123200 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
    2018-06-07 12:32 - 2018-06-04 03:20 - 000112448 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000063312 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000031040 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000077120 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000399168 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
    2018-06-07 12:33 - 2018-06-04 03:21 - 000049984 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000027456 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000131392 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000120648 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000392520 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000028000 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000030536 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
    2018-06-07 12:33 - 2018-06-04 03:20 - 000182080 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
    2018-06-07 12:33 - 2018-06-04 03:20 - 000036672 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
    2018-06-07 12:33 - 2018-06-04 03:20 - 000032576 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000055104 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000064320 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000023376 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000021840 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000022864 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000066400 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000025440 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000152384 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 003863880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000091448 _____ () C:\Program Files\Dropbox\Client\sip.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 001798464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 001959232 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000035136 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000155472 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000521544 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000051024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000043336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000131400 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000219984 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000204104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000067392 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000054616 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000030528 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000022880 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000022368 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000021856 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000022368 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000027496 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000355648 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
    2018-06-07 12:33 - 2018-06-04 03:21 - 000023904 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000025432 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2018-06-07 12:32 - 2018-06-04 03:18 - 000036312 _____ () C:\Program Files\Dropbox\Client\librsync.dll
    2018-06-07 12:33 - 2018-06-04 03:21 - 000021856 _____ () C:\Program Files\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000181064 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
    2018-06-07 12:33 - 2018-06-04 03:21 - 000030544 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2018-06-07 12:32 - 2018-06-04 03:19 - 000024384 _____ () C:\Program Files\Dropbox\Client\libEGL.DLL
    2018-06-07 12:32 - 2018-06-04 03:19 - 001638208 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
    2018-06-07 12:33 - 2018-06-04 03:21 - 000026464 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000546632 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
    2018-06-07 12:32 - 2018-06-04 03:20 - 000359744 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
    2017-11-17 17:03 - 2017-11-17 17:03 - 000795648 _____ () C:\Program Files\DivX\DivX Media Server\avutil-55.dll
    2017-11-17 17:03 - 2017-11-17 17:03 - 002242560 _____ () C:\Program Files\DivX\DivX Media Server\avformat-57.dll
    2017-11-17 17:03 - 2017-11-17 17:03 - 001749504 _____ () C:\Program Files\DivX\DivX Media Server\avcodec-57.dll
    2017-11-17 17:03 - 2017-11-17 17:03 - 000068096 _____ () C:\Program Files\DivX\DivX Media Server\zlib.dll
    2017-11-17 17:03 - 2017-11-17 17:03 - 001947648 _____ () C:\Program Files\DivX\DivX Media Server\avfilter-6.dll
    2017-11-17 17:03 - 2017-11-17 17:03 - 000789504 _____ () C:\Program Files\DivX\DivX Media Server\swscale-4.dll
    2017-11-17 17:03 - 2017-11-17 17:03 - 000325632 _____ () C:\Program Files\DivX\DivX Media Server\swresample-2.dll
    2017-05-25 21:02 - 2017-05-25 21:02 - 001293824 _____ () C:\Program Files\Common Files\DivX Shared\Qt5.6\libGLESv2.dll
    2017-12-14 22:14 - 2016-10-08 18:03 - 001506304 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
    2017-12-14 22:14 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
    2018-05-22 22:11 - 2018-05-22 22:11 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-05-22 22:11 - 2018-05-22 22:11 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-06-18 03:38 - 2018-06-18 03:38 - 000078274 _____ () C:\Program Files\Hexagon\cans.exe
    2015-09-02 04:00 - 2015-09-02 04:00 - 010566352 _____ () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
    2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files\Skype\Phone\skypert.dll
    2018-05-15 18:59 - 2018-05-15 18:59 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2018-06-18 03:38 - 2018-06-18 03:38 - 000044824 _____ () C:\Program Files\postural\mccarren.exe
    2018-06-18 06:03 - 2018-06-18 06:03 - 001917576 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\proxycheck.exe
    2018-06-18 06:03 - 2018-06-18 06:03 - 083467776 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\libcef.dll
    2018-06-18 06:03 - 2018-06-18 06:03 - 003723264 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\libglesv2.dll
    2018-06-18 06:00 - 2018-06-18 06:00 - 000079872 _____ () C:\Users\ptichun\AppData\Roaming\AGData\bin\libegl.dll
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Program Files\Groundstrokes\Quayside.exe
    2018-06-18 03:38 - 2018-06-18 03:38 - 000203264 _____ () C:\Users\ptichun\AppData\Local\Latham.exe
    2015-11-11 04:41 - 2015-11-11 04:41 - 000756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:4C235DA4 [140]
    AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 [149]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7587 more sites.

    IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-11-01 20:38 - 2018-06-18 06:06 - 000033749 _____ C:\windows\system32\Drivers\etc\hosts

    127.0.0.1 cpm.paneladmin.pro
    127.0.0.1 publisher.hmdiadmingate.xyz
    127.0.0.1 hmdicrewtracksystem.xyz
    127.0.0.1 mydownloaddomain.com
    127.0.0.1 linkmate.space
    127.0.0.1 space1.adminpressure.space
    127.0.0.1 trackpressure.website
    127.0.0.1 doctorlink.space
    127.0.0.1 plugpackdownload.net
    127.0.0.1 texttotalk.org
    127.0.0.1 gambling577.xyz
    127.0.0.1 htagdownload.space
    127.0.0.1 mybcnmonetize.com
    127.0.0.1 360devtraking.website
    127.0.0.1 dscdn.pw
    127.0.0.1 bcnmonetize.go2affise.com
    127.0.0.1 beautifllink.xyz
    162.222.193.86 aoaomo.tremorhub.com
    188.95.50.62 bobomo.tremorhub.com
    162.222.193.86 www.howcast.com
    162.222.193.86 howcast.com
    162.222.193.86 www.ustream.tv
    162.222.193.86 ustream.tv
    162.222.193.86 www.livestream.com
    162.222.193.86 livestream.com
    162.222.193.86 www.dailymotion.com
    162.222.193.86 dailymotion.com
    192.192.3.8 www.virustotal.com
    192.192.3.8 virustotal.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ptichun\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{F58C4E7F-A20D-4314-8EE2-3353CD189FFE}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
    FirewallRules: [UDP Query User{3A26792F-D603-4F1D-8198-BFB4189E9009}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
    FirewallRules: [TCP Query User{2F1C67D4-DF90-4E08-B7D4-6AD6BC5FF6FA}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
    FirewallRules: [UDP Query User{4ED7722A-32D9-467A-91E8-56D52623C89A}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
    FirewallRules: [TCP Query User{1C5BBB73-24B4-46AB-A99D-8A01505E05DB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{B2222B06-246C-40B8-BC70-E0ABDD0EFC66}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe
    FirewallRules: [{3AE0E1E4-8DAE-4D95-BFC5-029D1D3FD1A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{235A9551-3F1D-440C-8D8A-E8600D2EE798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{04FBA004-6FF9-4861-8EE1-56EE6C9F907F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{BEED8D46-A598-4741-9637-6BEF855555D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{48A8E8FB-6918-4015-B06F-C250F83F1B8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{78186ED7-EF40-48CC-8FC4-3E295B191589}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{9EE77CB6-4724-4BA3-A3C1-8FC2DBC1D840}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{03175EB7-3FEE-46DC-9547-4133DB5347CB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{A09784CA-C739-4513-B524-5247F12B44C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{DFE40FDF-E2D2-4CDB-86BB-E1BCFCD84E8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{42DAA181-D573-463B-973B-C17118E8B71A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{D0CDFA5B-F776-45D6-B65E-1E3B763337F9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{044BF0BC-EE76-491E-BA53-E20B9C0F751B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{04B1CB2E-915A-42CB-B897-6EA2F1A486C9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{3228F869-1172-4646-AA30-5772ECC187FD}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{DC964890-2C91-4E3B-B989-49B349478DE8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{684C3DDA-192B-4884-AFDD-80064B631D1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{7279AD27-F293-4E92-8DB4-A387AC9EB8ED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{3CD7F440-81D7-4548-BC3B-85889D00F8F3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{CDC82F41-207C-415E-B75E-CE92ECC666B4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{AD722E30-3CB1-45E6-9CA5-85DA5C62B7D3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{5540A555-338F-4820-8BE9-B05B87552457}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{1E7851FF-D141-4821-9523-C79E8AB3E76B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{DB475606-1703-47BF-8A0D-49C8528DA15A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{5E9F43A6-040E-451E-AEDC-1CB40FFC8C49}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{6A0B4ADB-A2D1-4B10-B55D-3771B0B635B9}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [TCP Query User{04234296-B683-48C0-A326-8EF6737D5EB7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{C5224D0A-E0F3-4D7D-96E8-60C5ABC6547D}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [{C8BE59A2-F315-45B7-831B-609E510C457D}] => (Allow) C:\Program Files\Veetle\Player\VeetleNet.exe
    FirewallRules: [{D608F237-43C7-4895-A595-6B17A9A0063C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{D8A89442-BE6E-46EB-A6C1-510BB93FAF0B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8A893AAA-EF46-411D-BC07-438304246DAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AD65711D-B783-4387-9A27-FED1DA3989CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E9354B2C-CCCA-4F2C-BF99-2FE9B4AADDEF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8A63527C-770A-4AC3-BCE3-21EC837FD94D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{730932D4-3E39-4276-BDF2-5EE517A0CC2D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{03F0A29A-3B36-452F-9432-3CDDFC555603}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E70ED5F2-58F0-4326-B02A-82BA05E41DF6}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{851BEE00-CF9A-4D13-8103-D727716A94DA}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{4FCC4FCC-F298-42A9-B317-55CF7986E497}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{286CE097-A396-4AB9-B77C-D1DA27EBCAA8}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{35B57A6A-F55D-48D8-A0B5-F6FD052AB38D}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [TCP Query User{1A70C3FF-9B63-4885-98E4-4931769A5F13}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
    FirewallRules: [UDP Query User{BB40DAA9-CF7B-435C-AC6F-50964B50AB51}C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\ptichun\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
    FirewallRules: [TCP Query User{273DCA66-8832-4A79-8D20-89EFAEC4A0DA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{758A20DA-50AB-4FF7-BC5C-8F3FD63A72AB}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{7777DD37-6752-42EC-84A9-18D9AB57E056}] => (Allow) C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
    FirewallRules: [TCP Query User{60ED8360-6B76-4086-B538-1D44623A493A}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
    FirewallRules: [UDP Query User{C3D60C63-4B57-4C80-B791-FA0E65523CF5}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
    FirewallRules: [TCP Query User{774A6AF2-B065-4230-B394-0B1C84B05451}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [UDP Query User{986D79ED-557C-4624-8111-63BAC192F35F}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [{BFEC80C0-BFA1-43BD-AD0B-372E812A7575}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{3149A7D8-5F59-45E4-B6F7-198ED9FFAD91}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{4A84E385-68D1-4B63-A44A-E5B0EEACB422}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
    FirewallRules: [{0E55C1BD-C9F2-45CF-8688-E09FF1EE9D05}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{EBCBCEA2-B0A5-474A-B60C-03EFB408AFD5}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{5A5AE529-C631-4D4F-8061-E6596F7494B4}] => (Allow) C:\Users\ptichun\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{60152734-99A4-49A7-A24D-AA050D415BBC}] => (Allow) C:\Program Files\Dissatisfied\Latham.exe
    FirewallRules: [{7C427782-67AA-46FC-98C4-52938688D051}] => (Allow) C:\Program Files\Groundstrokes\Latham.exe
    FirewallRules: [{B88E0081-D72B-4FEA-A0D9-83C6B259376B}] => (Allow) C:\Program Files\schelling\Quayside.exe
    FirewallRules: [{D71C866B-2F4F-4849-BEAA-1246272E8D54}] => (Allow) C:\Program Files\Groundstrokes\Quayside.exe

    ==================== Restore Points =========================

    07-06-2018 12:39:29 Windows Update
    11-06-2018 08:49:53 Windows Update
    14-06-2018 03:00:21 Windows Update
    17-06-2018 14:34:44 Windows Update
    19-06-2018 06:27:08 Removed WinZip 22.0.
    19-06-2018 06:53:20 Microsoft Antimalware Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/19/2018 06:48:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 235c

    Start Time: 01d407d4178bb72b

    Termination Time: 119

    Application Path: C:\Program Files\Dissatisfied\Latham.exe

    Report Id: 68fa4964-73c7-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:48:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Quayside.exe version 1.5.7.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1c50

    Start Time: 01d407d248d7feee

    Termination Time: 0

    Application Path: C:\Program Files\Groundstrokes\Quayside.exe

    Report Id: 57846d31-73c7-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 196c

    Start Time: 01d407d3da2be8ec

    Termination Time: 34

    Application Path: C:\Program Files\Dissatisfied\Latham.exe

    Report Id: 50552df3-73c7-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:47:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1700

    Start Time: 01d407d3f47b864c

    Termination Time: 175

    Application Path: C:\Program Files\Dissatisfied\Latham.exe

    Report Id: 43470223-73c7-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:46:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1f88

    Start Time: 01d407d256b8c013

    Termination Time: 0

    Application Path: C:\Users\ptichun\AppData\Local\Latham.exe

    Report Id: 99f7c51d-73c6-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:46:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Latham.exe version 3.3.3.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 10ec

    Start Time: 01d407d036d5a8ee

    Termination Time: 10322

    Application Path: C:\Program Files\Dissatisfied\Latham.exe

    Report Id: 103af06a-73c7-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:44:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Quayside.exe version 1.5.7.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1d3c

    Start Time: 01d407d223257b00

    Termination Time: 395

    Application Path: C:\Program Files\schelling\Quayside.exe

    Report Id: c5882429-73c6-11e8-b0e0-002622ebfd92

    Error: (06/19/2018 06:43:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Quayside.exe version 1.5.7.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1b60

    Start Time: 01d407d250c27a9a

    Termination Time: 8870

    Application Path: C:\Program Files\schelling\Quayside.exe

    Report Id: b68bdcbd-73c6-11e8-b0e0-002622ebfd92


    System errors:
    =============
    Error: (06/19/2018 07:39:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.269.1570.0).

    Error: (06/19/2018 07:34:56 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.269.1570.0

    Update Source: Microsoft Update Server

    Update Stage: Install

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.14901.4

    Error code: 0x80070643

    Error description: Fatal error during installation.

    Error: (06/19/2018 06:26:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (06/19/2018 06:21:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (06/19/2018 06:21:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/19/2018 06:20:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The saiyi technology limit service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/19/2018 06:18:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    netfilter2

    Error: (06/19/2018 06:05:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    The dependency service or group failed to start.


    CodeIntegrity:
    ===================================

    Date: 2014-07-17 13:20:48.740
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:48.484
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:48.247
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:47.945
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:47.603
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:47.179
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:46.779
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 13:20:46.579
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
    Percentage of memory in use: 75%
    Total physical RAM: 2908.64 MB
    Available physical RAM: 727.12 MB
    Total Virtual: 5815.63 MB
    Available Virtual: 1778.99 MB

    ==================== Drives ================================

    Drive c: (S3A8047D003) (Fixed) (Total:434.43 GB) (Free:21.41 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:191.54 GB) NTFS

    \\?\Volume{20840fd0-f251-11de-9706-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 0A2C9096)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=434.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=19.2 GB) - (Type=0F Extended)
    Partition 4: (Not Active) - (Size=10.7 GB) - (Type=17)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 00038A56)
    Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    510
    Hello ptichun :)

    P2P Advisory!
    IMPORTANT
    There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

    As long as you have the P2P program(s) installed, I will offer you no further assistance.
    If you choose NOT to remove the program(s)...indicate that in your next reply and I will mark this thread New so you can wait for another helper. Otherwise, there are instructions for removing it in the next step.

    By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
    Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

    If you would like to continue receiving help, please complete the following steps:

    Step one...

    Uninstall Programs
    • Click on Start.
    • Enter appwiz.cpl into the Search programs and files text box and press Enter.
    • Locate the following programs:
      BitTorrent
    • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
      • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
      • Do this for every program listed.
      • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
    • Once finished reboot your computer.
    Step two...

    CKScanner
    Please download CKScanner and save it to your Desktop.
    This program should only be run once!
    Make sure that CKScanner.exe is on your desktop before running the application!

    • Right click on the CKScanner.exe icon and select Run as administrator.
    • Click the Search For Files button.
    • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
      A text file will be created on your desktop named "ckfiles.txt"
    • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
    • Please copy/paste the contents of ckfiles.txt in your next reply.

    Step three...

    MGA Diagnostic Tool
    • Please download MGA Diagnostic Tool and save it to your Desktop.
    • Right click on MGADiag.exe and select Run as administrator.
    • Click on Continue to run the scan.
    • Once the scan is finished click Copy to copy the results. Paste them in your reply.

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

    In your next reply please include:
    • Did you have any problems with the instructions?
    • Confirmation that you removed any P2P software from your computer
    • ckfiles.txt
    • MGADiag report
    • Are there any changes in computer behavior?
     
  8. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Hello,
    1. I have removed P2P software (bittorrent).

    2.
    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\cracked.py
    c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\cracked.pyc
    c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\crackle.py
    c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\extractor\crackle.pyc
    c:\program files\keepvid\keepvid keepvid pro\downloadres\youtube_dl\ws_extractor\crackle.py
    c:\users\ptichun\music\leftover_crack-shoot_the_kids_at_school-2001_160k\00-leftover_crack-shoot_the_kids_at_school-2001.sfv
    c:\users\ptichun\music\ruts - the crack\desktop.ini
    c:\users\ptichun\music\ruts - the crack\thumbs.db
    scanner sequence 3.DD.11.KOAPHZ
    ----- EOF -----


    3. MGA Diag report is below:
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
    Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
    Windows Product ID: 00359-OEM-8992687-00057
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E6FCABF4-3544-46E2-8FF3-7B683674E831}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr_escrow.180528-1700
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 103 Blocked VLK
    Microsoft Office Enterprise 2007 - 103 Blocked VLK
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E6FCABF4-3544-46E2-8FF3-7B683674E831}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-2101005229-1017427555-4036206314</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L500</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.10</Version><SMBIOSVersion major="2" minor="5"/><Date>20100506000000.000000+000</Date></BIOS><HWID>E9803707018400F8</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65174</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800057-02-1033-7600.0000-2322009
    Installation ID: 007423778012396696249695318685259070098556041196088036
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: W8DQG
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 19/06/2018 10:25:10 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:3:2018 09:48
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAIAAAABAAAABAABAAEAeqjohFRo2np6iwi4bFrM4Y6MfHAzZ1H0Rso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC PTLTD APIC
    FACP TOSCPL CRESTLNE
    HPET INTEL CRESTLNE
    BOOT PTLTD $SBFTBL$
    MCFG INTEL CRESTLNE
    SLIC TOSCPL TOSCPL00
    OSFR TOSHIB A+2nd ID
    SSDT BrtRef DD01BRT
    SSDT BrtRef DD01BRT
     
    Last edited: Jun 20, 2018
  9. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    510
    Hello ptichun :)

    Cracked/Illegal Software Warning

    Your computer has a cracked copy of Microsoft Office 2007 installed. Not only is cracked software stealing and therefore illegal, it is also a great way to get infected. Please remove all cracked or otherwise illegal software on your computer before we proceed.

    Source: Software Cracks: A Great Way to Infect Your PC

    Please confirm that you have removed all cracked software from your computer.

    Regards,
    capnkrunch
     
  10. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Hi capnkrunch

    I understand what you are saying in the above reply to my post. But I need help on removing cracked software. How do I know which software is cracked???? What would you like me to do??? Please help with this computer.

    Regards,
    ptichun
     
  11. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    510
    Hello ptichun :)

    By cracked software, I mean any paid software that you have installed but not paid for. For example, your copy of Microsoft Office is clearly pirated and needs to be uninstalled before we continue.

    Regards,
    capnkrunch
     
  12. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Hi,

    I understand what you mean but there is no listing for Microsoft Office under my programs. So I am not sure on how to uninstall it. Could you give me step by step instructions?
    Thank you

    ptichun
     
  13. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    510
    Hello ptichun :)

    We'll remove it in a FRST fix later. For now, let's continue.

    Step one...

    FRST Fix
    • You should still have FRST.exe in your Downloads folder. If not please download it HERE.
    • Right click on FRST.exe and select Run as administrator.
    • Press CTRL + Y (the Control and Y keys at the same time). A blank file named fixlist.txt will open.
    • Copy and paste the following into it (do not include the word Code:).
      Code:
      CreateRestorePoint:
      Impaq Speed (HKLM\...\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}) (Version: 1.0.3.0 - Melasys LLC) Hidden
      Impaq Speed (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
      VirusTotal: C:\Program Files\Hexagon\cans.exe;C:\Program Files\postural\mccarren.exe;C:\Program Files\Groundstrokes\Quayside.exe;C:\Users\ptichun\AppData\Local\Latham.exe;C:\Program Files\Mozilla Firefox\firefoxJu.exe;C:\Program Files\Dissatisfied\Latham.exe;C:\Program Files\schelling\Quayside.exe;C:\windows\grail.exe;C:\Program Files\obo\obo.exe
      Folder: C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
      Folder: C:\Program Files\NCWS1MPIV7
      Folder: C:\windows\b8998883
      Hosts:
      EmptyTemp:
      CMD: ipconfig /flushdns
    • Save the file by clicking File -> Save.
    • Press the Fix button one time only and wait.
    • When FRST finishes you will be prompted to reboot your computer. Click OK.
    • Your computer should now restart. On reboot navigate to your Downloads folder where you should find Fixlog.txt. Copy and paste the contents in your reply.

    Step two...

    AdwCleaner - Scan Only
    • Please download AdwCleaner by Malwarebytes and save it to your Desktop.
    • Close all open programs and windows so that you are at your Desktop.
    • Right click on adwcleaner.exe and click Run as administrator.
    • Click on the Scan button.
      When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
    • Do not attempt to clean anything at this point.
    • Click on the Logfile button.
    • This will open a file, AdwCleaner[Sx].txt (where x is the number of times it has been run). Copy and paste the contents of that logfile in your reply.

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

    In your next reply please include:
    • Did you have any problems with the instructions?
    • fixlog.txt
    • AdwCleaner[Sx].txt
    • Are there any changes in computer behavior?
     
  14. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    Fix result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
    Ran by ptichun (21-06-2018 14:56:15) Run:1
    Running from C:\Users\ptichun\Downloads
    Loaded Profiles: ptichun (Available Profiles: ptichun & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    Impaq Speed (HKLM\...\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}) (Version: 1.0.3.0 - Melasys LLC) Hidden
    Impaq Speed (HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
    VirusTotal: C:\Program Files\Hexagon\cans.exe;C:\Program Files\postural\mccarren.exe;C:\Program Files\Groundstrokes\Quayside.exe;C:\Users\ptichun\AppData\Local\Latham.exe;C:\Program Files\Mozilla Firefox\firefoxJu.exe;C:\Program Files\Dissatisfied\Latham.exe;C:\Program Files\schelling\Quayside.exe;C:\windows\grail.exe;C:\Program Files\obo\obo.exe
    Folder: C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0
    Folder: C:\Program Files\NCWS1MPIV7
    Folder: C:\windows\b8998883
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    *****************

    Restore point was successfully created.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B78041B-8CEB-4743-8FBA-C2FFE9F54478}\\SystemComponent" => removed successfully.
    "HKU\S-1-5-21-2101005229-1017427555-4036206314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}\\SystemComponent" => removed successfully.
    VirusTotal: C:\Program Files\Hexagon\cans.exe => (3) Error
    VirusTotal: C:\Program Files\postural\mccarren.exe => (3) Error
    VirusTotal: C:\Program Files\Groundstrokes\Quayside.exe => (3) Error
    VirusTotal: C:\Users\ptichun\AppData\Local\Latham.exe => (3) Error
    VirusTotal: C:\Program Files\Mozilla Firefox\firefoxJu.exe => (3) Error
    VirusTotal: C:\Program Files\Dissatisfied\Latham.exe => (3) Error
    VirusTotal: C:\Program Files\schelling\Quayside.exe => (3) Error
    VirusTotal: C:\windows\grail.exe => (3) Error
    VirusTotal: C:\Program Files\obo\obo.exe => (3) Error

    ========================= Folder: C:\Users\ptichun\AppData\Roaming\kjq1vcdpyl0 ========================


    ====== End of Folder: ======


    ========================= Folder: C:\Program Files\NCWS1MPIV7 ========================

    2018-06-18 18:45 - 2018-06-18 18:45 - 000000038 ____A [D836B45425E99F522EF79FD0DCCB8283] () C:\Program Files\NCWS1MPIV7\cast.config
    2018-06-18 18:45 - 2018-06-18 18:45 - 000001810 ____A [A2EBF843442988EE2D667E9C7FC28CE1] () C:\Program Files\NCWS1MPIV7\E8FF9SNMI.exe.config
    2018-06-18 18:45 - 2018-06-18 18:45 - 000028672 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files\NCWS1MPIV7\uninstaller.exe
    2018-06-18 18:45 - 2018-06-18 18:45 - 000001810 ____A [A2EBF843442988EE2D667E9C7FC28CE1] () C:\Program Files\NCWS1MPIV7\uninstaller.exe.config

    ====== End of Folder: ======


    ========================= Folder: C:\windows\b8998883 ========================

    C:\windows\b8998883 => File

    ====== End of Folder: ======

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 428597475 B
    Java, Flash, Steam htmlcache => 6478 B
    Windows/system/drivers => 1821342004 B
    Edge => 0 B
    Chrome => 102465993 B
    Firefox => 395976602 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128 B
    LocalService => 0 B
    NetworkService => 30781266 B
    ptichun => 1478925639 B
    Administrator => 0 B

    RecycleBin => 0 B
    EmptyTemp: => 4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 15:22:34 ====
     
  15. ptichun

    ptichun Thread Starter

    Joined:
    Feb 6, 2006
    Messages:
    215
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.0.0
    # -------------------------------
    # Build: 06-05-2018
    # Database: 2018-06-19.4
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-21-2018
    # Duration: 00:01:32
    # OS: Windows 7 Home Premium
    # Scanned: 41244
    # Detected: 140


    ***** [ Services ] *****

    PUP.Optional.Legacy saiyitechnology
    PUP.Optional.ProxyGate pgt_svc

    ***** [ Folders ] *****

    PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0814TB
    PUP.Optional.AnonymizerGadget C:\Users\ptichun\AppData\Roaming\AGData
    PUP.Optional.Conduit.A C:\Users\ptichun\AppData\Roaming\RHEng
    PUP.Optional.FastDataX C:\Users\ptichun\AppData\Roaming\FastDataX
    PUP.Optional.Legacy C:\Program Files\BestCleaner
    PUP.Optional.Legacy C:\ProgramData\yahoochrome_D
    PUP.Optional.Legacy C:\Program Files\AnonymizerGadget
    PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
    PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Companion
    PUP.Optional.Legacy C:\Users\Administrator\AppData\LocalLow\Yahoo!\Companion
    PUP.Optional.Legacy C:\Users\ptichun\AppData\LocalLow\Yahoo!\Companion
    PUP.Optional.Legacy C:\Users\Administrator\AppData\Roaming\Yahoo!\Companion
    PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Yahoo!\Companion
    PUP.Optional.Legacy C:\Users\ptichun\AppData\Local\StormFall
    PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
    PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
    PUP.Optional.OneSystemCare C:\Users\ptichun\AppData\Roaming\OneSystemCare
    PUP.Optional.PCCleanerPro C:\Program Files\PRO PC Cleaner
    PUP.Optional.ProxyGate C:\Program Files\ProxyGate
    PUP.Optional.WeatherBuddy C:\Users\ptichun\AppData\Local\ImpaqSpeed
    Trojan.Agent C:\Users\ptichun\AppData\Roaming\WidModule

    ***** [ Files ] *****

    PUP.Optional.Legacy C:\TOSTACK
    PUP.Optional.Legacy C:\Users\ptichun\Downloads\SysInfo.exe
    PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Installer.dat
    PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\Main.dat
    PUP.Optional.Legacy C:\Users\ptichun\AppData\Roaming\agent.dat

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    PUP.Optional.FastDataX C:\Windows\System32\Tasks\FastDataX Task

    ***** [ Registry ] *****

    Adware.DNSUnlocker HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    Adware.ICLoader HKLM\Software\MICROSOFT\TechnologyDesktopnew
    Adware.ICLoader HKLM\SOFTWARE\MICROSOFT\Speedycar
    Adware.TryMedia HKLM\Software\Trymedia Systems
    PUP.Adware.Heuristic HKLM\SOFTWARE\8708599B-3BBC-4B76-A14D-2FA06B5C3036
    PUP.Adware.Heuristic HKCU\SOFTWARE\43AEEF6FF6F2DBBCCEDDB67AA85124CF
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7242BBD-9BA6-4C7E-9AF6-7767D7AA600}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0507080-F6ED-49BE-9C80-EAAB9F3634D}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A87AC2DB-DCFA-44FD-A089-6881BC770CB}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92B327C2-9820-4FB0-980-2290D254ACFB}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DA2428B-9133-4315-9C58-43CAF46381}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6439FBDD-3AFA-4644-AB3F-2D1B8C99FFE3}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{572B6F0E-6185-4070-B410-172D72C21D80}
    PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1826A1CA-9B3-4C3D-8BE9-92D2541A6E80}
    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mytransitguide.com
    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mytransitguide.com
    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.myway.com
    PUP.Optional.AuslogicsDriverUpdater HKU\S-1-5-18\Software\Auslogics
    PUP.Optional.AuslogicsDriverUpdater HKCU\Software\Auslogics
    PUP.Optional.AuslogicsDriverUpdater HKU\.DEFAULT\Software\Auslogics
    PUP.Optional.BestCleaner HKCU\Software\Microsoft\BigTime
    PUP.Optional.BrowseFox HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\AtuZi
    PUP.Optional.CleanMyPC HKCU\Software\Reg\Clean
    PUP.Optional.CleanMyPC HKLM\Software\Reg\Clean
    PUP.Optional.DiskPower HKLM\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
    PUP.Optional.DolphinDeals HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\Dolphin Deals
    PUP.Optional.FastDataX HKCU\Software\FastDataX
    PUP.Optional.FastDataX HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C}
    PUP.Optional.FastDataX HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DBA944F-C2C5-4E66-9ECC-0208B86D2A9C}
    PUP.Optional.FastDataX HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task
    PUP.Optional.InstallCore HKCU\Software\csastats
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
    PUP.Optional.Legacy HKLM\Software\Microsoft\DMunversion
    PUP.Optional.Legacy HKLM\Software\pcv-var
    PUP.Optional.Legacy HKCU\Software\ICSW1.23
    PUP.Optional.Legacy HKCU\Software\Lavasoft\Web Companion
    PUP.Optional.Legacy HKLM\Software\Lavasoft\Web Companion
    PUP.Optional.Legacy HKCU\Software\MICROSOFT\OTUT
    PUP.Optional.Legacy HKLM\Software\imalcom
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Yahoo\YFriendsBar
    PUP.Optional.Legacy HKCU\Software\Yahoo\YFriendsBar
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Yahoo\YFriendsBar
    PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
    PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Yahoo\Companion
    PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Yahoo\Companion
    PUP.Optional.Legacy HKCU\Software\Yahoo\Companion
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Yahoo\Companion
    PUP.Optional.Legacy HKLM\Software\Yahoo\Companion
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2101005229-1017427555-4036206314-1000\Software\vShare
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
    PUP.Optional.Legacy HKCU\Software\Bitberry
    PUP.Optional.Legacy HKCU\Software\APN PIP
    PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
    PUP.Optional.Legacy HKCU\Software\Classes\Applications\interstatnogui.exe
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    PUP.Optional.Legacy HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
    PUP.Optional.Legacy HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
    PUP.Optional.Legacy HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
    PUP.Optional.Legacy HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
    PUP.Optional.Legacy HKLM\Software\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
    PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
    PUP.Optional.Legacy HKLM\Software\Classes\Interface\{82443621-A29A-473E-8335-F5C958A7A4CA}
    PUP.Optional.Legacy HKLM\Software\Classes\Interface\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}
    PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
    PUP.Optional.Legacy HKLM\Software\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
    PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{2C09954F-CDA8-4BD1-8794-1D543E050378}
    PUP.Optional.Legacy HKLM\Software\Classes\Sample.YTBPartnerSample
    PUP.Optional.Legacy HKLM\Software\Classes\Sample.BrowserHandler
    PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\imgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akz.imgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
    PUP.Optional.Linkury HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
    PUP.Optional.OneSystemCare HKCU\Software\One System Care
    PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
    PUP.Optional.RRSavings HKLM\Software\RrFilter
    PUP.Optional.Tuto4PC HKCU\Software\MICROSOFT\wewewe
    PUP.Optional.WeatherAlerts HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
    PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\PrIncub
    PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\MPrForShutT
    PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\PrAmNP
    PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\NSaveA
    PUP.Optional.WeatherAlerts HKLM\Software\Microsoft\APreSam
    PUP.Optional.WeatherBuddy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ImpaqSpeed
    PUP.Optional.WeatherBuddy HKCU\Software\Melasys LLC
    PUP.Optional.WeatherBuddy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}

    ***** [ Chromium (and derivatives) ] *****

    PUP.Optional.BrowserHunt Browser Hunt SafeFinder
    PUP.Optional.MountainBrowse Mountain Browse

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy http://feed.helperbar.com/?p=mKO_Aw...rxvVHUl4E9ZwYESXpc4SPJAEvFXPOFhXLLGTvAxqCMIFA,,
    PUP.Optional.Legacy WebSearch
    PUP.Optional.Legacy Ask

    ***** [ Firefox (and derivatives) ] *****

    PUP.Optional.BrowseToSave SaveFrom.net helper

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
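
One way to triage a scan log like the one posted above before deciding what to clean, as an added example that is not part of the thread and not AdwCleaner's own code: it parses the section/entry layout visible in the post and lists first the entries whose family is not `PUP.*` or that sit in an autostart location. The function names and the autostart marker list are assumptions of this example, and the sample is a few lines copied from the posted log.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the scan log posted in this thread,
# trimmed to one or two entries per section (not the full log).
SAMPLE_LOG = r"""
# Mode: Scan
# Detected: 140

***** [ Services ] *****

PUP.Optional.ProxyGate pgt_svc

***** [ Folders ] *****

PUP.Optional.ProxyGate C:\Program Files\ProxyGate
Trojan.Agent C:\Users\ptichun\AppData\Roaming\WidModule

***** [ DLL ] *****

No malicious DLLs found.

***** [ Tasks ] *****

PUP.Optional.FastDataX C:\Windows\System32\Tasks\FastDataX Task

***** [ Registry ] *****

Adware.DNSUnlocker HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Linkury HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
PUP.Optional.WeatherBuddy HKCU\Software\Melasys LLC

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Name ] *****
ENTRY_RE = re.compile(r"^(\S+)\s+(.+)$")                 # <family> <target>

# Assumption of this example: sections and registry locations treated as
# autostart points, i.e. places that make something run again after a reboot.
AUTOSTART_SECTIONS = {"Services", "Tasks"}
AUTOSTART_MARKERS = (
    "\\currentversion\\run|",            # Run value (log writes key|value)
    "\\image file execution options\\",  # per-executable launch override
    "\\schedule\\taskcache\\",           # registry side of a scheduled task
)


def parse_adwcleaner(text):
    """Return one dict per detection: section, family, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank, header and EOF lines
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("No malicious"):
            continue                      # "No malicious ... found." filler
        m = ENTRY_RE.match(line)
        if m:
            entries.append(
                {"section": section, "family": m.group(1), "target": m.group(2)}
            )
    return entries


def classify(entry):
    """Reasons an entry deserves a look before bulk-cleaning (may be empty)."""
    reasons = []
    if not entry["family"].startswith("PUP."):
        reasons.append("non-PUP family")
    target = entry["target"].lower()
    if entry["section"] in AUTOSTART_SECTIONS or any(
        marker in target for marker in AUTOSTART_MARKERS
    ):
        reasons.append("autostart location")
    return reasons


def review_first(entries):
    """Entries with at least one reason, as (family, target, reasons)."""
    flagged = []
    for e in entries:
        reasons = classify(e)
        if reasons:
            flagged.append((e["family"], e["target"], reasons))
    return flagged


def section_counts(entries):
    """Number of detections per log section."""
    return Counter(e["section"] for e in entries)


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for family, target, reasons in review_first(parsed):
        print(f"{', '.join(reasons):35} {family:28} {target}")
```
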
     
Short URL to this thread: https://techguy.org/1211770