
Slow computer, most likely caused by malware/virus.


#1 japjap4
Posted 19 February 2018 - 10:37 AM

Good day,

So I recently bought a new charger for an old laptop in our family. It turns out the last user of the said laptop downloaded many suspicious things, so I tried running Malwarebytes. It detected at least 84 PUPs, which were cleaned. Unfortunately, I do not have any antivirus installed, as I suspect everything on this laptop got infected.

As I was cleaning things on my desktop, I was shocked that Avast! Antivirus suddenly popped up, DOWNLOADED without my knowledge and without me downloading it. This led me to believe that, most likely, a virus or malware may be affecting my computer, so I need your help in solving this case.


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17.02.2018
Ran by ATLANT (administrator) on ATLANT-PC (19-02-2018 23:31:34)
Running from C:\Users\ATLANT\Downloads
Loaded Profiles: ATLANT (Available Profiles: ATLANT)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10828392 2011-08-26] (Realtek Semiconductor)
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{2E2483BF-9406-42E0-B746-4C64D4E37F09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3833D16C-64FA-4245-BD06-ABB6642D8DD3}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{399EEA60-CEFA-49B6-8A75-4AB395CB4EF0}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{53725089-1992-498B-95A9-45467FA7FBF5}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{7ED105BF-D480-43AA-904F-21B72B23856D}: [DhcpNameServer] 121.1.3.81 192.168.0.1
Tcpip\..\Interfaces\{9E5691D6-B572-470A-A00F-FD8DAF62FC78}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{A1FA8971-C3F8-4572-B5EF-2D61BCADC7E3}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{E097F893-9F91-4F84-A845-040D729BBE25}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{FDEBC5A5-B834-4960-BCFD-9BC50663E0F7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131630691823209866&GUID=00000000-0000-0000-0000-000000000000
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131630691823469881&GUID=00000000-0000-0000-0000-000000000000
URLSearchHook: HKLM -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-02-14] (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25] (Sun Microsystems, Inc.)
BHO: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files\PSafe\ClikSeguro\ClikSeguro.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-02-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-02-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default [2018-02-19]
FF user.js: detected! => C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\user.js [2018-02-19]
FF Homepage: Mozilla\Firefox\Profiles\epdxx4vk.default -> hxxp://isearch.avg.com?pid=avg&sg=&cid=%7Bb5881498-35b7-4298-8fbc-767ebb129b49%7D&mid=d4b708e2bbe647d0be8364bb81e2ba94-5daa6cd66658fedc14254a1b56ff7364ae57fd51&ds=gm011&coid=&cmpid=&v=18.1.9.799&lang=en&pr=sa&d=2012-07-31%2022%3A53%3A12&sap=hp
FF NewTab: Mozilla\Firefox\Profiles\epdxx4vk.default -> search.chatzum.com
FF Extension: (Babylon Spelling and Proofreading) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (Babylon Translation Activation) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\ocr@babylon.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (SimilarSites) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}.xpi [2018-02-14] [Legacy]
FF HKLM\...\Firefox\Extensions: [clikseguro@psafe.com] - C:\Program Files\PSafe\ClikSeguro\\ffext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-02-14] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-14] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-01] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-339281470-1637478255-2933653089-1000: @gentek.com/thinclient -> C:\IGG\twclient_ph\npthinclient.dll [2012-06-01] (Generic Network)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-13]
CHR HKLM\...\Chrome\Extension: [fpknlgclcjbgepbagcobhdainldkgggl] - C:\Program Files\PSafe\ClikSeguro\\chext\clikseguro.crx <not found>
CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\ATLANT\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1776216 2015-08-15] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [105344 2010-08-27] (TCT International Mobile Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-18] (Malwarebytes)
U3 catchme; \??\C:\Users\ATLANT\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-19 23:31 - 2018-02-19 23:31 - 000013216 _____ C:\Users\ATLANT\Downloads\FRST.txt
2018-02-19 23:31 - 2018-02-19 23:31 - 000000000 ____D C:\FRST
2018-02-19 23:30 - 2018-02-19 23:31 - 001763840 _____ (Farbar) C:\Users\ATLANT\Downloads\FRST.exe
2018-02-19 23:28 - 2018-02-19 23:28 - 000014243 _____ C:\ComboFix.txt
2018-02-19 23:11 - 2018-02-19 23:28 - 000000000 ____D C:\Qoobox
2018-02-19 23:11 - 2011-06-25 22:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-19 23:11 - 2010-11-07 09:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-19 23:11 - 2009-04-19 20:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-19 23:10 - 2018-02-19 23:26 - 000000000 ____D C:\Windows\erdnt
2018-02-19 23:07 - 2018-02-19 23:10 - 005660720 ____R (Swearware) C:\Users\ATLANT\Downloads\ComboFix.exe
2018-02-18 18:30 - 2018-02-18 18:30 - 000000909 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2018-02-18 18:30 - 2018-02-18 18:30 - 000000901 _____ C:\Users\ATLANT\Desktop\osu!.lnk
2018-02-18 18:16 - 2018-02-19 23:14 - 000000000 ____D C:\Users\ATLANT\AppData\Local\osu!
2018-02-18 18:02 - 2018-02-18 18:02 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-18 18:02 - 2018-02-18 18:02 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-18 18:02 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-18 18:01 - 2018-02-18 18:07 - 001920156 _____ C:\Windows\ntbtlog.txt
2018-02-15 06:06 - 2018-02-14 00:35 - 000002333 _____ C:\Users\ATLANT\Desktop\PowerPoint 2016.lnk
2018-02-14 12:47 - 2018-02-14 12:40 - 028444646 _____ C:\CHAPTER 12.pptx
2018-02-14 01:25 - 2018-02-16 19:53 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-02-14 01:19 - 2018-02-14 01:25 - 000000000 ____D C:\Users\ATLANT\AppData\Local\MSfree Inc
2018-02-14 01:12 - 2018-02-14 01:12 - 000000000 ____D C:\Users\ATLANT\AppData\Local\CEF
2018-02-14 01:05 - 2018-02-14 01:05 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-14 01:05 - 2018-02-14 01:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-02-14 00:51 - 2015-07-18 05:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-02-14 00:50 - 2018-02-14 00:50 - 000002121 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000002018 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000002018 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000000000 ___RD C:\Users\ATLANT\OneDrive
2018-02-14 00:50 - 2018-02-14 00:50 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2018-02-14 00:49 - 2018-02-14 06:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-14 00:49 - 2018-02-14 00:49 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-14 00:35 - 2018-02-14 00:35 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-02-14 00:31 - 2018-02-14 00:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-14 00:27 - 2018-02-14 00:27 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-14 00:24 - 2015-09-27 07:27 - 000000000 ____D C:\Users\ATLANT\Desktop\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2018-02-14 00:06 - 2018-02-14 00:06 - 000001042 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-14 00:04 - 2018-02-14 00:08 - 000000000 ____D C:\AdwCleaner
2018-02-14 00:02 - 2018-02-14 00:04 - 008222496 _____ (Malwarebytes) C:\Users\ATLANT\Downloads\adwcleaner_7.0.8.0.exe
2018-02-13 22:10 - 2018-02-13 22:11 - 001129816 _____ (Google Inc.) C:\Users\ATLANT\Downloads\ChromeSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-19 23:25 - 2009-07-13 18:04 - 000000215 _____ C:\Windows\system.ini
2018-02-19 23:04 - 2009-07-13 20:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-19 23:04 - 2009-07-13 20:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-19 22:49 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-15 21:35 - 2011-08-09 14:19 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\vlc
2018-02-15 21:14 - 2009-07-13 20:53 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-15 20:28 - 2012-06-26 13:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-15 20:28 - 2011-10-26 23:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-15 20:28 - 2011-08-09 14:25 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-14 22:37 - 2011-08-09 14:20 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-14 22:37 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2018-02-14 19:38 - 2011-08-09 15:11 - 000000000 ____D C:\Windows\Panther
2018-02-14 19:38 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\ModemLogs
2018-02-14 06:20 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-14 06:06 - 2009-07-13 20:33 - 000423728 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-14 01:18 - 2011-08-09 18:44 - 000109016 _____ C:\Users\ATLANT\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-14 01:08 - 2012-11-30 00:19 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-14 01:08 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-02-14 01:08 - 2009-07-13 23:49 - 000000000 ____D C:\Windows\ShellNew
2018-02-14 01:08 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-14 00:59 - 2011-10-22 10:48 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Facebook
2018-02-14 00:52 - 2011-08-09 14:19 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-02-14 00:51 - 2011-09-26 03:24 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Google
2018-02-14 00:50 - 2011-08-09 14:17 - 000000000 ____D C:\Users\ATLANT
2018-02-14 00:49 - 2011-08-09 14:20 - 000000925 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-14 00:49 - 2011-08-09 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-14 00:49 - 2011-08-09 14:20 - 000000000 ____D C:\Program Files\CCleaner
2018-02-14 00:48 - 2014-09-06 03:11 - 000000000 ____D C:\Windows\Minidump
2018-02-14 00:16 - 2011-10-20 17:44 - 000000000 ____D C:\ProgramData\Real
2018-02-14 00:15 - 2011-10-20 17:34 - 000000000 ____D C:\Program Files\Internet Download Manager
2018-02-14 00:13 - 2011-10-20 20:48 - 000000000 ____D C:\Program Files\Mobily Connect Card
2018-02-14 00:12 - 2012-08-02 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ballance
2018-02-14 00:10 - 2011-09-26 03:25 - 000000000 ____D C:\Program Files\GRETECH
2018-02-14 00:09 - 2011-08-09 14:24 - 000000000 ____D C:\Program Files\FreeTime
2018-02-14 00:08 - 2011-10-20 17:34 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\DMCache
2018-02-14 00:07 - 2014-09-24 17:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-14 00:07 - 2011-10-26 23:38 - 000000000 ____D C:\Users\ATLANT\AppData\LocalLow\Yahoo!
2018-02-14 00:07 - 2011-08-09 14:25 - 000000000 ____D C:\Program Files\Yahoo!
2018-02-14 00:06 - 2011-08-09 14:26 - 000000000 ____D C:\ProgramData\Yahoo!
2018-02-13 23:58 - 2011-08-09 15:06 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Yahoo
2018-02-13 23:55 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\NDF
2018-02-13 23:53 - 2011-09-26 03:22 - 000000000 ____D C:\Program Files\Common Files\Ahead
2018-02-13 23:49 - 2012-03-03 13:54 - 000000000 ____D C:\Program Files\GNU
2018-02-13 23:49 - 2011-08-09 14:19 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\Real
2018-02-13 23:14 - 2014-09-09 03:53 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-13 23:14 - 2014-09-09 03:53 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 22:42 - 2011-08-09 14:17 - 000000000 ____D C:\Users\ATLANT\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2012-03-02 22:35 - 2014-02-23 06:44 - 000152576 _____ () C:\Users\ATLANT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-13 23:08
 
==================== End of FRST.txt ============================
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-02-14] (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25] (Sun Microsystems, Inc.)
BHO: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files\PSafe\ClikSeguro\ClikSeguro.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-02-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-02-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default [2018-02-19]
FF user.js: detected! => C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\user.js [2018-02-19]
FF Homepage: Mozilla\Firefox\Profiles\epdxx4vk.default -> hxxp://isearch.avg.com?pid=avg&sg=&cid=%7Bb5881498-35b7-4298-8fbc-767ebb129b49%7D&mid=d4b708e2bbe647d0be8364bb81e2ba94-5daa6cd66658fedc14254a1b56ff7364ae57fd51&ds=gm011&coid=&cmpid=&v=18.1.9.799&lang=en&pr=sa&d=2012-07-31%2022%3A53%3A12&sap=hp
FF NewTab: Mozilla\Firefox\Profiles\epdxx4vk.default -> search.chatzum.com
FF Extension: (Babylon Spelling and Proofreading) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (Babylon Translation Activation) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\ocr@babylon.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (SimilarSites) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}.xpi [2018-02-14] [Legacy]
FF HKLM\...\Firefox\Extensions: [clikseguro@psafe.com] - C:\Program Files\PSafe\ClikSeguro\\ffext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-02-14] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-14] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-01] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-339281470-1637478255-2933653089-1000: @gentek.com/thinclient -> C:\IGG\twclient_ph\npthinclient.dll [2012-06-01] (Generic Network)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-13]
CHR HKLM\...\Chrome\Extension: [fpknlgclcjbgepbagcobhdainldkgggl] - C:\Program Files\PSafe\ClikSeguro\\chext\clikseguro.crx <not found>
CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\ATLANT\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1776216 2015-08-15] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [105344 2010-08-27] (TCT International Mobile Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-18] (Malwarebytes)
U3 catchme; \??\C:\Users\ATLANT\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-19 23:31 - 2018-02-19 23:31 - 000013216 _____ C:\Users\ATLANT\Downloads\FRST.txt
2018-02-19 23:31 - 2018-02-19 23:31 - 000000000 ____D C:\FRST
2018-02-19 23:30 - 2018-02-19 23:31 - 001763840 _____ (Farbar) C:\Users\ATLANT\Downloads\FRST.exe
2018-02-19 23:28 - 2018-02-19 23:28 - 000014243 _____ C:\ComboFix.txt
2018-02-19 23:11 - 2018-02-19 23:28 - 000000000 ____D C:\Qoobox
2018-02-19 23:11 - 2011-06-25 22:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-19 23:11 - 2010-11-07 09:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-19 23:11 - 2009-04-19 20:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-19 23:10 - 2018-02-19 23:26 - 000000000 ____D C:\Windows\erdnt
2018-02-19 23:07 - 2018-02-19 23:10 - 005660720 ____R (Swearware) C:\Users\ATLANT\Downloads\ComboFix.exe
2018-02-18 18:30 - 2018-02-18 18:30 - 000000909 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2018-02-18 18:30 - 2018-02-18 18:30 - 000000901 _____ C:\Users\ATLANT\Desktop\osu!.lnk
2018-02-18 18:16 - 2018-02-19 23:14 - 000000000 ____D C:\Users\ATLANT\AppData\Local\osu!
2018-02-18 18:02 - 2018-02-18 18:02 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-18 18:02 - 2018-02-18 18:02 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-18 18:02 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-18 18:01 - 2018-02-18 18:07 - 001920156 _____ C:\Windows\ntbtlog.txt
2018-02-15 06:06 - 2018-02-14 00:35 - 000002333 _____ C:\Users\ATLANT\Desktop\PowerPoint 2016.lnk
2018-02-14 12:47 - 2018-02-14 12:40 - 028444646 _____ C:\CHAPTER 12.pptx
2018-02-14 01:25 - 2018-02-16 19:53 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-02-14 01:19 - 2018-02-14 01:25 - 000000000 ____D C:\Users\ATLANT\AppData\Local\MSfree Inc
2018-02-14 01:12 - 2018-02-14 01:12 - 000000000 ____D C:\Users\ATLANT\AppData\Local\CEF
2018-02-14 01:05 - 2018-02-14 01:05 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-14 01:05 - 2018-02-14 01:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-02-14 00:51 - 2015-07-18 05:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-02-14 00:50 - 2018-02-14 00:50 - 000002121 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000002018 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000002018 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000000000 ___RD C:\Users\ATLANT\OneDrive
2018-02-14 00:50 - 2018-02-14 00:50 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2018-02-14 00:49 - 2018-02-14 06:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-14 00:49 - 2018-02-14 00:49 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-14 00:35 - 2018-02-14 00:35 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-02-14 00:35 - 2018-02-14 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-02-14 00:31 - 2018-02-14 00:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-14 00:27 - 2018-02-14 00:27 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-14 00:24 - 2015-09-27 07:27 - 000000000 ____D C:\Users\ATLANT\Desktop\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2018-02-14 00:06 - 2018-02-14 00:06 - 000001042 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-14 00:04 - 2018-02-14 00:08 - 000000000 ____D C:\AdwCleaner
2018-02-14 00:02 - 2018-02-14 00:04 - 008222496 _____ (Malwarebytes) C:\Users\ATLANT\Downloads\adwcleaner_7.0.8.0.exe
2018-02-13 22:10 - 2018-02-13 22:11 - 001129816 _____ (Google Inc.) C:\Users\ATLANT\Downloads\ChromeSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-19 23:25 - 2009-07-13 18:04 - 000000215 _____ C:\Windows\system.ini
2018-02-19 23:04 - 2009-07-13 20:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-19 23:04 - 2009-07-13 20:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-19 22:49 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-15 21:35 - 2011-08-09 14:19 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\vlc
2018-02-15 21:14 - 2009-07-13 20:53 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-15 20:28 - 2012-06-26 13:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-15 20:28 - 2011-10-26 23:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-15 20:28 - 2011-08-09 14:25 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-14 22:37 - 2011-08-09 14:20 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-14 22:37 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2018-02-14 19:38 - 2011-08-09 15:11 - 000000000 ____D C:\Windows\Panther
2018-02-14 19:38 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\ModemLogs
2018-02-14 06:20 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-14 06:06 - 2009-07-13 20:33 - 000423728 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-14 01:18 - 2011-08-09 18:44 - 000109016 _____ C:\Users\ATLANT\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-14 01:08 - 2012-11-30 00:19 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-14 01:08 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-02-14 01:08 - 2009-07-13 23:49 - 000000000 ____D C:\Windows\ShellNew
2018-02-14 01:08 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-14 00:59 - 2011-10-22 10:48 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Facebook
2018-02-14 00:52 - 2011-08-09 14:19 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-02-14 00:51 - 2011-09-26 03:24 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Google
2018-02-14 00:50 - 2011-08-09 14:17 - 000000000 ____D C:\Users\ATLANT
2018-02-14 00:49 - 2011-08-09 14:20 - 000000925 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-14 00:49 - 2011-08-09 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-14 00:49 - 2011-08-09 14:20 - 000000000 ____D C:\Program Files\CCleaner
2018-02-14 00:48 - 2014-09-06 03:11 - 000000000 ____D C:\Windows\Minidump
2018-02-14 00:16 - 2011-10-20 17:44 - 000000000 ____D C:\ProgramData\Real
2018-02-14 00:15 - 2011-10-20 17:34 - 000000000 ____D C:\Program Files\Internet Download Manager
2018-02-14 00:13 - 2011-10-20 20:48 - 000000000 ____D C:\Program Files\Mobily Connect Card
2018-02-14 00:12 - 2012-08-02 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ballance
2018-02-14 00:10 - 2011-09-26 03:25 - 000000000 ____D C:\Program Files\GRETECH
2018-02-14 00:09 - 2011-08-09 14:24 - 000000000 ____D C:\Program Files\FreeTime
2018-02-14 00:08 - 2011-10-20 17:34 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\DMCache
2018-02-14 00:07 - 2014-09-24 17:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-14 00:07 - 2011-10-26 23:38 - 000000000 ____D C:\Users\ATLANT\AppData\LocalLow\Yahoo!
2018-02-14 00:07 - 2011-08-09 14:25 - 000000000 ____D C:\Program Files\Yahoo!
2018-02-14 00:06 - 2011-08-09 14:26 - 000000000 ____D C:\ProgramData\Yahoo!
2018-02-13 23:58 - 2011-08-09 15:06 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Yahoo
2018-02-13 23:55 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\NDF
2018-02-13 23:53 - 2011-09-26 03:22 - 000000000 ____D C:\Program Files\Common Files\Ahead
2018-02-13 23:49 - 2012-03-03 13:54 - 000000000 ____D C:\Program Files\GNU
2018-02-13 23:49 - 2011-08-09 14:19 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\Real
2018-02-13 23:14 - 2014-09-09 03:53 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-13 23:14 - 2014-09-09 03:53 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 22:42 - 2011-08-09 14:17 - 000000000 ____D C:\Users\ATLANT\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2012-03-02 22:35 - 2014-02-23 06:44 - 000152576 _____ () C:\Users\ATLANT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-13 23:08
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17.02.2018
Ran by ATLANT (19-02-2018 23:32:12)
Running from C:\Users\ATLANT\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-08-09 22:17:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-339281470-1637478255-2933653089-500 - Administrator - Disabled)
ATLANT (S-1-5-21-339281470-1637478255-2933653089-1000 - Administrator - Enabled) => C:\Users\ATLANT
Guest (S-1-5-21-339281470-1637478255-2933653089-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-339281470-1637478255-2933653089-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Virtual DJ Toolbar (HKLM\...\{56444A00-6A76-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4331 - APN, LLC)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{547AE7EB-EAD8-46D8-871F-BAE00047B22E}\InprocServer32 -> C:\IGG\twclient_ph\npthinclient.dll (Generic Network)
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FD595AB-192C-4E37-95D0-7692B6780B26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {2CF1FE6F-9BB2-471C-B063-2368BFF9CD5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {38ABCDA2-EC4B-421E-A9E6-F4A7263EA55C} - System32\Tasks\{3E502197-327E-4B5F-9852-5A5A68223E7D} => C:\Users\ATLANT\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
Task: {3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {419F6BA8-65F3-4F19-A347-EBA5C7EDCAC8} - System32\Tasks\{15B5FCC1-8557-43EF-999D-55F43BB6F4C8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alonix\UNWISE.EXE" -c C:\Program Files\Alonix\INSTALL.LOG
Task: {4476BF08-E8A2-4B19-81B3-EA26CDC6EF10} - System32\Tasks\{CC7F1D7F-5C89-4F96-9816-A090D92B776B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Beach Head 2002\UNWISE.EXE" -c C:\Program Files\Beach Head 2002\INSTALL.LOG
Task: {4B0B0B87-953A-4BF1-AB0A-2EB12BB80C9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-02-14] (Microsoft Corporation)
Task: {6AAEE441-E54C-4C62-B653-A3B6DEC4CFD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-15] (Adobe Systems Incorporated)
Task: {6C99658F-0E4B-4374-A5AB-8CEEA68FE0A8} - System32\Tasks\{D140FDF5-04F3-4A10-9F2C-D297F05DDD93} => C:\Users\ATLANT\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
Task: {75E6D7E9-DD8F-4E1D-B8CC-D84CCD0EA62A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {7D72C945-E76F-493E-BE34-475381EFD461} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8A7D6F24-7A58-4557-B802-B9D66375E325} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-339281470-1637478255-2933653089-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {8C1A8135-3DB6-4880-8CB5-86BCEF17443D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {96A26645-FD24-4313-A7E8-317400780957} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-15] (Microsoft Corporation)
Task: {DB9967E6-4FB1-4115-8577-0E9A877515AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-02-14] (Microsoft Corporation)
Task: {DCBF34DF-3EB3-41D2-B3D9-B4FDF9BA0E7E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-15] (Microsoft Corporation)
Task: {F454499B-8029-4FA1-8BB8-44EDE4F826D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-339281470-1637478255-2933653089-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {F6463D1F-8BCB-4172-BD99-635EA173DA58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\ATLANT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-02-14 00:27 - 2015-08-15 23:55 - 000135232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2018-02-18 18:02 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-14 00:34 - 2018-02-14 00:34 - 008903232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2018-02-13 23:14 - 2018-01-03 00:56 - 003062104 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-02-13 23:14 - 2018-01-03 00:56 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.132\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-10-20 18:07 - 2018-02-19 23:25 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3EBA70AD-3DE1-425B-A876-65315FEC951D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F0665C44-FFFD-43B0-9944-CA3809F049D5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{08CC4067-8802-4B4C-B7CA-775A2F1EB6A2}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{7ADC99D1-809E-4D65-9E3E-12C524F51FF4}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{3FF00EA5-B353-4C03-99EE-DF597311C41F}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{AE0704DD-84D2-4B25-83B6-83F81FEFE337}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{169A8B3E-14AD-4946-A8E8-09C19B04367F}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{C17B6C80-1139-4C6F-9988-8F1F95CA24D0}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{BB2DE402-E35E-40F7-AA66-5ECA84E50415}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{A9F49383-5787-4D49-815B-5FDBC1283E2A}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{322B5DD0-EDFD-4113-ACEB-C363CE39078C}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{1BDA3D18-0152-42B9-A488-C46EE19DCD72}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{A31C8FD0-D01A-41D1-AA01-BCB77A2139A4}C:\twistytracks\twistytracks.exe] => (Block) C:\twistytracks\twistytracks.exe
FirewallRules: [UDP Query User{74E55B07-B7DA-40D0-8914-43922D84A86A}C:\twistytracks\twistytracks.exe] => (Block) C:\twistytracks\twistytracks.exe
FirewallRules: [{7C7043F7-E8E2-493A-8433-71A8DF14B282}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{44EE93CB-E528-44DA-B7A5-00B4A5FCBD9E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{48BA4399-C232-45C0-99BB-6F9A7AFC34AD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A831CEC3-D75E-47FB-9A3D-650F523372BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1706AC9B-4544-4538-8958-0D54A48FA06F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC538267-D7C3-45D9-9256-E053F79A439C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{85E7CDEE-58E2-4614-B533-7D3BB5C82345}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{22BA500D-878E-4119-BE13-BFEA3A87CB62}] => (Allow) C:\Users\ATLANT\AppData\Local\Microsoft\OneDrive\OneDrive.exe
 
==================== Restore Points =========================
 
14-02-2018 00:45:02 Removed osu!
14-02-2018 00:47:06 Configured YouCam
14-02-2018 00:49:39 Configured YouCam
14-02-2018 01:06:11 Removed Microsoft Office Professional Edition 2003
14-02-2018 01:23:49 Removed Skype™ 5.3
14-02-2018 19:49:26 Windows Update
19-02-2018 23:12:00 ComboFix created restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2018 01:23:35 AM) (Source: MsiInstaller) (EventID: 11316) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\AskToolbarInstaller-12.10.2_VDJ.msi
 
Error: (02/14/2018 01:08:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/14/2018 01:08:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/14/2018 12:49:38 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d9ddd37a-67f5-4930-9258-71fa9dd26782}
 
Error: (02/14/2018 12:47:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d9ddd37a-67f5-4930-9258-71fa9dd26782}
 
Error: (02/14/2018 12:45:59 AM) (Source: MsiInstaller) (EventID: 11316) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\AskToolbarInstaller-12.10.2_VDJ.msi
 
Error: (02/14/2018 12:45:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Internet Explorer
 
Error: (02/14/2018 12:45:34 AM) (Source: MsiInstaller) (EventID: 10005) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Internet Explorer
 
 
System errors:
=============
Error: (02/19/2018 11:25:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2018 11:21:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2018 11:14:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2018 10:54:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (02/19/2018 10:54:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (02/19/2018 10:51:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/19/2018 10:50:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/19/2018 10:49:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Windows Defender:
===================================
Date: 2018-02-14 00:06:15.013
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:bho:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079a25-328f-4bd4-be04-00955acaa0a7};bho:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4f12-8568-69135F087DB0};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515};file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest;file:C:\Program Files\Windows Searchqu T
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
 
Date: 2018-02-13 23:45:34.805
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll;process:pid:1472,ProcessStart:131630675288000480;process:pid:1792,ProcessStart:131630675312492523
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
 
Date: 2018-02-13 23:18:20.610
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{8E892B4D-80A1-4AE0-B141-C8B3130C84FC}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-02-13 23:17:40.440
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe;process:pid:1740,ProcessStart:126228294498640463
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
 
Date: 2014-09-02 05:35:49.361
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{D491876D-4986-4C4F-8F6F-EDF5A974ADD6}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-02-14 00:06:22.611
Description: 
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path:file:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\;folder:\\?\C:\Program F
Action:Remove
Error Code:0x80070003
Error description:The system cannot find the path specified. 
Status:To finish removing spyware and other potentially unwanted software, restart the computer. 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 50%
Total physical RAM: 1977.98 MB
Available physical RAM: 972.81 MB
Total Virtual: 3955.95 MB
Available Virtual: 2880.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:87.79 GB) (Free:61.72 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:144.99 GB) (Free:144.85 GB) NTFS
 
\\?\Volume{87cdc68d-c2d4-11e0-89fe-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: CC7A30F1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Any help would be appreciated. Thanks!
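The Scheduled Tasks and CustomCLSID sections of this Addition.txt are where a responder looks first for persistence: a task running from C:\ProgramData (KMSAutoNet), two tasks that use pcalua.exe -a to start another binary, Windows Activation Technologies tasks whose files are gone (the lines FRST tags ATTENTION), and per-user CLSID overrides pointing at DLLs under AppData. The Python script below is an added example, not part of the original post and not FRST's or BleepingComputer's code: it parses a handful of those lines copied from the log above (the sample is constructed from them) and applies a few triage heuristics that are this example's own assumptions, namely the list of trusted install roots, the user-writable directory markers, the pcalua.exe launcher pattern and the "kms" name check. The two pcalua.exe tasks on this machine point at legacy UNWISE.EXE uninstallers and are probably benign, but the same launcher can start any binary, so the script flags the pattern for review rather than deciding for you.

```python
"""Triage helper for FRST "Addition.txt" persistence lines.

Added example for this thread; it is not FRST code, and the rules below are
this example's own heuristics (assumptions), not anything FRST itself reports.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the Addition.txt posted above.
SAMPLE_LOG = r"""
Task: {3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {419F6BA8-65F3-4F19-A347-EBA5C7EDCAC8} - System32\Tasks\{15B5FCC1-8557-43EF-999D-55F43BB6F4C8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alonix\UNWISE.EXE" -c C:\Program Files\Alonix\INSTALL.LOG
Task: {7D72C945-E76F-493E-BE34-475381EFD461} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {75E6D7E9-DD8F-4E1D-B8CC-D84CCD0EA62A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {38ABCDA2-EC4B-421E-A9E6-F4A7263EA55C} - System32\Tasks\{3E502197-327E-4B5F-9852-5A5A68223E7D} => C:\Users\ATLANT\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{547AE7EB-EAD8-46D8-871F-BAE00047B22E}\InprocServer32 -> C:\IGG\twclient_ph\npthinclient.dll (Generic Network)
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
"""

# "Task: <id> - <task path> => <target>" and "CustomCLSID: <key> -> <dll>".
ENTRY_RE = re.compile(r"^(?P<kind>Task|CustomCLSID): (?P<name>.+?) (?:=>|->) (?P<target>.+)$")
# First Windows path in the target, up to its file extension (spaces allowed).
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cmd|bat|vbs|js|ps1))", re.IGNORECASE)

# Assumption: on a home PC, anything outside these roots deserves a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Directories a standard user can write to, i.e. where malware usually drops payloads.
WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def classify(name: str, target: str) -> List[str]:
    """Return the reasons (possibly none) why one entry deserves review."""
    reasons: List[str] = []
    if "no file" in target.lower():
        reasons.append("target file missing (orphaned or already removed)")
    match = PATH_RE.match(target)
    path = match.group("path").lower() if match else ""
    if path:
        if any(marker in path for marker in WRITABLE_MARKERS):
            reasons.append("runs from a user-writable directory")
        elif not path.startswith(TRUSTED_ROOTS):
            reasons.append("runs from a non-standard directory")
        # pcalua.exe -a <program> starts another binary (a known LOLBin pattern).
        if path.endswith("\\pcalua.exe") and " -a " in target:
            reasons.append("pcalua.exe used as a launcher for another binary")
    if "kms" in name.lower() or "kms" in path:
        reasons.append("KMS activation tool (indicator of unlicensed software)")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse Task/CustomCLSID lines and keep only the entries with findings."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        reasons = classify(match.group("name"), match.group("target"))
        if reasons:
            findings.append({"kind": match.group("kind"),
                             "name": match.group("name"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['name']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the full text of an Addition.txt. An entry with no findings (GoogleUpdateTaskMachineCore in the sample) is not reported; a hit is a prompt to check the file, its signature and the task's trigger, not a verdict.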
#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California
  • Local time:02:40 PM

Posted 21 February 2018 - 08:26 PM

Greetings japjap4 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2016 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California
  • Local time:02:40 PM

Posted 24 February 2018 - 10:51 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#4 japjap4
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Local time:09:40 PM

Posted 25 February 2018 - 11:18 PM

Greetings,

Sorry for the delay; I have been busy with school stuff. I am still with you, and I will post the results as soon as I have finished uninstalling MS Office. Thanks.



#5 japjap4
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Local time:09:40 PM

Posted 25 February 2018 - 11:48 PM

ckfiles.txt
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.QPLBV0
 ----- EOF ----- 
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17.02.2018
Ran by ATLANT (administrator) on ATLANT-PC (26-02-2018 12:45:11)
Running from C:\Users\ATLANT\Desktop
Loaded Profiles: ATLANT (Available Profiles: ATLANT)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\ATLANT\Desktop\CKScanner.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10828392 2011-08-26] (Realtek Semiconductor)
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{2E2483BF-9406-42E0-B746-4C64D4E37F09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3833D16C-64FA-4245-BD06-ABB6642D8DD3}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{399EEA60-CEFA-49B6-8A75-4AB395CB4EF0}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{53725089-1992-498B-95A9-45467FA7FBF5}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{7ED105BF-D480-43AA-904F-21B72B23856D}: [DhcpNameServer] 121.1.3.81 192.168.0.1
Tcpip\..\Interfaces\{9E5691D6-B572-470A-A00F-FD8DAF62FC78}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{A1FA8971-C3F8-4572-B5EF-2D61BCADC7E3}: [NameServer] 86.51.35.24 86.51.34.24
Tcpip\..\Interfaces\{E097F893-9F91-4F84-A845-040D729BBE25}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{FDEBC5A5-B834-4960-BCFD-9BC50663E0F7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131630691823209866&GUID=00000000-0000-0000-0000-000000000000
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131630691823469881&GUID=00000000-0000-0000-0000-000000000000
URLSearchHook: HKLM -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25] (Sun Microsystems, Inc.)
BHO: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files\PSafe\ClikSeguro\ClikSeguro.dll => No File
Toolbar: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
 
FireFox:
========
FF ProfilePath: C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default [2018-02-26]
FF user.js: detected! => C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\user.js [2018-02-19]
FF Homepage: Mozilla\Firefox\Profiles\epdxx4vk.default -> hxxp://isearch.avg.com?pid=avg&sg=&cid=%7Bb5881498-35b7-4298-8fbc-767ebb129b49%7D&mid=d4b708e2bbe647d0be8364bb81e2ba94-5daa6cd66658fedc14254a1b56ff7364ae57fd51&ds=gm011&coid=&cmpid=&v=18.1.9.799&lang=en&pr=sa&d=2012-07-31%2022%3A53%3A12&sap=hp
FF NewTab: Mozilla\Firefox\Profiles\epdxx4vk.default -> search.chatzum.com
FF Extension: (Babylon Spelling and Proofreading) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (Babylon Translation Activation) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\ocr@babylon.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (SimilarSites) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}.xpi [2018-02-14] [Legacy]
FF HKLM\...\Firefox\Extensions: [clikseguro@psafe.com] - C:\Program Files\PSafe\ClikSeguro\\ffext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-01] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-339281470-1637478255-2933653089-1000: @gentek.com/thinclient -> C:\IGG\twclient_ph\npthinclient.dll [2012-06-01] (Generic Network)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\ATLANT\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-13]
CHR HKLM\...\Chrome\Extension: [fpknlgclcjbgepbagcobhdainldkgggl] - C:\Program Files\PSafe\ClikSeguro\\chext\clikseguro.crx <not found>
CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\ATLANT\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [105344 2010-08-27] (TCT International Mobile Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-18] (Malwarebytes)
S3 catchme; \??\C:\Users\ATLANT\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-26 12:45 - 2018-02-26 12:46 - 000011365 _____ C:\Users\ATLANT\Desktop\FRST.txt
2018-02-26 12:10 - 2018-02-26 12:11 - 000468480 _____ () C:\Users\ATLANT\Desktop\CKScanner.exe
2018-02-19 23:31 - 2018-02-26 12:45 - 000000000 ____D C:\FRST
2018-02-19 23:30 - 2018-02-19 23:31 - 001763840 _____ (Farbar) C:\Users\ATLANT\Desktop\FRST.exe
2018-02-19 23:28 - 2018-02-19 23:28 - 000014243 _____ C:\ComboFix.txt
2018-02-19 23:11 - 2018-02-19 23:28 - 000000000 ____D C:\Qoobox
2018-02-19 23:11 - 2011-06-25 22:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-19 23:11 - 2010-11-07 09:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-19 23:11 - 2009-04-19 20:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-19 23:11 - 2000-08-30 16:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-19 23:10 - 2018-02-19 23:26 - 000000000 ____D C:\Windows\erdnt
2018-02-19 23:07 - 2018-02-19 23:10 - 005660720 ____R (Swearware) C:\Users\ATLANT\Downloads\ComboFix.exe
2018-02-18 18:30 - 2018-02-18 18:30 - 000000909 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2018-02-18 18:30 - 2018-02-18 18:30 - 000000901 _____ C:\Users\ATLANT\Desktop\osu!.lnk
2018-02-18 18:16 - 2018-02-19 23:14 - 000000000 ____D C:\Users\ATLANT\AppData\Local\osu!
2018-02-18 18:02 - 2018-02-18 18:02 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-18 18:02 - 2018-02-18 18:02 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-18 18:02 - 2018-02-18 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-18 18:02 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-18 18:01 - 2018-02-18 18:07 - 001920156 _____ C:\Windows\ntbtlog.txt
2018-02-14 12:47 - 2018-02-14 12:40 - 028444646 _____ C:\CHAPTER 12.pptx
2018-02-14 01:25 - 2018-02-26 12:41 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-02-14 01:19 - 2018-02-14 01:25 - 000000000 ____D C:\Users\ATLANT\AppData\Local\MSfree Inc
2018-02-14 01:12 - 2018-02-14 01:12 - 000000000 ____D C:\Users\ATLANT\AppData\Local\CEF
2018-02-14 01:05 - 2018-02-14 01:05 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-14 01:05 - 2018-02-14 01:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-02-14 00:51 - 2015-07-18 05:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-02-14 00:51 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-02-14 00:50 - 2018-02-14 00:50 - 000002121 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000002018 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000002018 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-02-14 00:50 - 2018-02-14 00:50 - 000000000 ___RD C:\Users\ATLANT\OneDrive
2018-02-14 00:50 - 2018-02-14 00:50 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2018-02-14 00:49 - 2018-02-14 06:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-14 00:49 - 2018-02-14 00:49 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-14 00:24 - 2018-02-26 12:43 - 000000000 ____D C:\Users\ATLANT\Desktop\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2018-02-14 00:06 - 2018-02-14 00:06 - 000001042 _____ C:\Users\ATLANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-14 00:04 - 2018-02-14 00:08 - 000000000 ____D C:\AdwCleaner
2018-02-14 00:02 - 2018-02-14 00:04 - 008222496 _____ (Malwarebytes) C:\Users\ATLANT\Downloads\adwcleaner_7.0.8.0.exe
2018-02-13 22:10 - 2018-02-13 22:11 - 001129816 _____ (Google Inc.) C:\Users\ATLANT\Downloads\ChromeSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-26 12:46 - 2009-07-13 20:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-26 12:46 - 2009-07-13 20:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-26 12:27 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-26 12:24 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-26 12:22 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-19 23:25 - 2009-07-13 18:04 - 000000215 _____ C:\Windows\system.ini
2018-02-15 21:35 - 2011-08-09 14:19 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\vlc
2018-02-15 21:14 - 2009-07-13 20:53 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-15 20:28 - 2012-06-26 13:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-15 20:28 - 2011-10-26 23:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-15 20:28 - 2011-08-09 14:25 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-14 22:37 - 2011-08-09 14:20 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-14 22:37 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2018-02-14 19:38 - 2011-08-09 15:11 - 000000000 ____D C:\Windows\Panther
2018-02-14 19:38 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\ModemLogs
2018-02-14 06:06 - 2009-07-13 20:33 - 000423728 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-14 01:18 - 2011-08-09 18:44 - 000109016 _____ C:\Users\ATLANT\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-14 01:08 - 2012-11-30 00:19 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-14 01:08 - 2009-07-13 23:49 - 000000000 ____D C:\Windows\ShellNew
2018-02-14 00:59 - 2011-10-22 10:48 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Facebook
2018-02-14 00:52 - 2011-08-09 14:19 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-02-14 00:51 - 2011-09-26 03:24 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Google
2018-02-14 00:50 - 2011-08-09 14:17 - 000000000 ____D C:\Users\ATLANT
2018-02-14 00:49 - 2011-08-09 14:20 - 000000925 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-14 00:49 - 2011-08-09 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-14 00:49 - 2011-08-09 14:20 - 000000000 ____D C:\Program Files\CCleaner
2018-02-14 00:48 - 2014-09-06 03:11 - 000000000 ____D C:\Windows\Minidump
2018-02-14 00:16 - 2011-10-20 17:44 - 000000000 ____D C:\ProgramData\Real
2018-02-14 00:15 - 2011-10-20 17:34 - 000000000 ____D C:\Program Files\Internet Download Manager
2018-02-14 00:13 - 2011-10-20 20:48 - 000000000 ____D C:\Program Files\Mobily Connect Card
2018-02-14 00:12 - 2012-08-02 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ballance
2018-02-14 00:10 - 2011-09-26 03:25 - 000000000 ____D C:\Program Files\GRETECH
2018-02-14 00:09 - 2011-08-09 14:24 - 000000000 ____D C:\Program Files\FreeTime
2018-02-14 00:08 - 2011-10-20 17:34 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\DMCache
2018-02-14 00:07 - 2014-09-24 17:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-14 00:07 - 2011-10-26 23:38 - 000000000 ____D C:\Users\ATLANT\AppData\LocalLow\Yahoo!
2018-02-14 00:07 - 2011-08-09 14:25 - 000000000 ____D C:\Program Files\Yahoo!
2018-02-14 00:06 - 2011-08-09 14:26 - 000000000 ____D C:\ProgramData\Yahoo!
2018-02-13 23:58 - 2011-08-09 15:06 - 000000000 ____D C:\Users\ATLANT\AppData\Local\Yahoo
2018-02-13 23:55 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\NDF
2018-02-13 23:53 - 2011-09-26 03:22 - 000000000 ____D C:\Program Files\Common Files\Ahead
2018-02-13 23:49 - 2012-03-03 13:54 - 000000000 ____D C:\Program Files\GNU
2018-02-13 23:49 - 2011-08-09 14:19 - 000000000 ____D C:\Users\ATLANT\AppData\Roaming\Real
2018-02-13 23:14 - 2014-09-09 03:53 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-13 23:14 - 2014-09-09 03:53 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 22:42 - 2011-08-09 14:17 - 000000000 ____D C:\Users\ATLANT\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2012-03-02 22:35 - 2014-02-23 06:44 - 000152576 _____ () C:\Users\ATLANT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-13 23:08
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17.02.2018
Ran by ATLANT (26-02-2018 12:47:07)
Running from C:\Users\ATLANT\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-08-09 22:17:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-339281470-1637478255-2933653089-500 - Administrator - Disabled)
ATLANT (S-1-5-21-339281470-1637478255-2933653089-1000 - Administrator - Enabled) => C:\Users\ATLANT
Guest (S-1-5-21-339281470-1637478255-2933653089-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-339281470-1637478255-2933653089-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Virtual DJ Toolbar (HKLM\...\{56444A00-6A76-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4331 - APN, LLC)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{547AE7EB-EAD8-46D8-871F-BAE00047B22E}\InprocServer32 -> C:\IGG\twclient_ph\npthinclient.dll (Generic Network)
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-339281470-1637478255-2933653089-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\ATLANT\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FD595AB-192C-4E37-95D0-7692B6780B26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {2CF1FE6F-9BB2-471C-B063-2368BFF9CD5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {380A34D8-4F85-411A-ABF7-A790CD00DE3D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-339281470-1637478255-2933653089-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {38ABCDA2-EC4B-421E-A9E6-F4A7263EA55C} - System32\Tasks\{3E502197-327E-4B5F-9852-5A5A68223E7D} => C:\Users\ATLANT\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
Task: {3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {419F6BA8-65F3-4F19-A347-EBA5C7EDCAC8} - System32\Tasks\{15B5FCC1-8557-43EF-999D-55F43BB6F4C8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alonix\UNWISE.EXE" -c C:\Program Files\Alonix\INSTALL.LOG
Task: {4476BF08-E8A2-4B19-81B3-EA26CDC6EF10} - System32\Tasks\{CC7F1D7F-5C89-4F96-9816-A090D92B776B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Beach Head 2002\UNWISE.EXE" -c C:\Program Files\Beach Head 2002\INSTALL.LOG
Task: {489B1D77-45E7-4BEF-82D0-6C1D86F8E043} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-339281470-1637478255-2933653089-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6AAEE441-E54C-4C62-B653-A3B6DEC4CFD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-15] (Adobe Systems Incorporated)
Task: {6C99658F-0E4B-4374-A5AB-8CEEA68FE0A8} - System32\Tasks\{D140FDF5-04F3-4A10-9F2C-D297F05DDD93} => C:\Users\ATLANT\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
Task: {75E6D7E9-DD8F-4E1D-B8CC-D84CCD0EA62A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {7D72C945-E76F-493E-BE34-475381EFD461} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8C1A8135-3DB6-4880-8CB5-86BCEF17443D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {F6463D1F-8BCB-4172-BD99-635EA173DA58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\ATLANT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-02-18 18:02 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-13 23:14 - 2018-01-03 00:56 - 003062104 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-02-13 23:14 - 2018-01-03 00:56 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-02-26 12:10 - 2018-02-26 12:11 - 000468480 _____ () C:\Users\ATLANT\Desktop\CKScanner.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-10-20 18:07 - 2018-02-19 23:25 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3EBA70AD-3DE1-425B-A876-65315FEC951D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F0665C44-FFFD-43B0-9944-CA3809F049D5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{08CC4067-8802-4B4C-B7CA-775A2F1EB6A2}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{7ADC99D1-809E-4D65-9E3E-12C524F51FF4}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{3FF00EA5-B353-4C03-99EE-DF597311C41F}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{AE0704DD-84D2-4B25-83B6-83F81FEFE337}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{169A8B3E-14AD-4946-A8E8-09C19B04367F}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{C17B6C80-1139-4C6F-9988-8F1F95CA24D0}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{BB2DE402-E35E-40F7-AA66-5ECA84E50415}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{A9F49383-5787-4D49-815B-5FDBC1283E2A}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{322B5DD0-EDFD-4113-ACEB-C363CE39078C}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{1BDA3D18-0152-42B9-A488-C46EE19DCD72}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{A31C8FD0-D01A-41D1-AA01-BCB77A2139A4}C:\twistytracks\twistytracks.exe] => (Block) C:\twistytracks\twistytracks.exe
FirewallRules: [UDP Query User{74E55B07-B7DA-40D0-8914-43922D84A86A}C:\twistytracks\twistytracks.exe] => (Block) C:\twistytracks\twistytracks.exe
FirewallRules: [{7C7043F7-E8E2-493A-8433-71A8DF14B282}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{44EE93CB-E528-44DA-B7A5-00B4A5FCBD9E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A831CEC3-D75E-47FB-9A3D-650F523372BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC538267-D7C3-45D9-9256-E053F79A439C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{22BA500D-878E-4119-BE13-BFEA3A87CB62}] => (Allow) C:\Users\ATLANT\AppData\Local\Microsoft\OneDrive\OneDrive.exe
 
==================== Restore Points =========================
 
14-02-2018 00:45:02 Removed osu!
14-02-2018 00:47:06 Configured YouCam
14-02-2018 00:49:39 Configured YouCam
14-02-2018 01:06:11 Removed Microsoft Office Professional Edition 2003
14-02-2018 01:23:49 Removed Skype™ 5.3
14-02-2018 19:49:26 Windows Update
19-02-2018 23:12:00 ComboFix created restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/26/2018 12:29:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a70
 
Start Time: 01d3af403e497cfe
 
Termination Time: 0
 
Application Path: C:\Users\ATLANT\Desktop\CKScanner.exe
 
Report Id: b711eeaf-1b33-11e8-9a1f-b5b200ce0561
 
Error: (02/14/2018 01:23:35 AM) (Source: MsiInstaller) (EventID: 11316) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\AskToolbarInstaller-12.10.2_VDJ.msi
 
Error: (02/14/2018 01:08:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/14/2018 01:08:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/14/2018 12:49:38 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d9ddd37a-67f5-4930-9258-71fa9dd26782}
 
Error: (02/14/2018 12:47:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d9ddd37a-67f5-4930-9258-71fa9dd26782}
 
Error: (02/14/2018 12:45:59 AM) (Source: MsiInstaller) (EventID: 11316) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\AskToolbarInstaller-12.10.2_VDJ.msi
 
Error: (02/14/2018 12:45:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: ATLANT-PC)
Description: Product: Virtual DJ Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Internet Explorer
 
 
System errors:
=============
Error: (02/19/2018 11:25:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2018 11:21:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2018 11:14:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2018 10:54:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (02/19/2018 10:54:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (02/19/2018 10:51:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/19/2018 10:50:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/19/2018 10:49:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Windows Defender:
===================================
Date: 2018-02-14 00:06:15.013
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:bho:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079a25-328f-4bd4-be04-00955acaa0a7};bho:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4f12-8568-69135F087DB0};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87};clsid:HKLM\SOFTWARE\CLASSES\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515};file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest;file:C:\Program Files\Windows Searchqu T
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
 
Date: 2018-02-13 23:45:34.805
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe;file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll;process:pid:1472,ProcessStart:131630675288000480;process:pid:1792,ProcessStart:131630675312492523
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
 
Date: 2018-02-13 23:18:20.610
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{8E892B4D-80A1-4AE0-B141-C8B3130C84FC}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-02-13 23:17:40.440
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe;process:pid:1740,ProcessStart:126228294498640463
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
 
Date: 2014-09-02 05:35:49.361
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{D491876D-4986-4C4F-8F6F-EDF5A974ADD6}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-02-14 00:06:22.611
Description: 
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path:file:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\;folder:\\?\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\;folder:\\?\C:\Program F
Action:Remove
Error Code:0x80070003
Error description:The system cannot find the path specified. 
Status:To finish removing spyware and other potentially unwanted software, restart the computer. 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 50%
Total physical RAM: 1977.98 MB
Available physical RAM: 986.84 MB
Total Virtual: 3955.95 MB
Available Virtual: 2916.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:87.79 GB) (Free:66.17 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:144.99 GB) (Free:144.85 GB) NTFS
 
\\?\Volume{87cdc68d-c2d4-11e0-89fe-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: CC7A30F1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
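The Addition.txt above runs to hundreds of lines, and the parts a helper actually triages (repeated event-log errors and the Windows Defender detection records) sit between device and firewall listings that are mostly noise. The Python below is an added example, not FRST code and not posted by anyone in this thread, that parses those two sections into structured records: it counts `Error:` headers per (Source, EventID) pair, turns each Defender `Date:` block into a dictionary, and splits the `Path Found` field into its typed entries (`bho:`, `clsid:`, `file:`, `process:`). `SAMPLE` is a constructed, trimmed copy of line shapes taken from the log above; point `parse_events` and `parse_defender` at a real Addition.txt read from disk to use it.

```python
"""Pull the event-log and Windows Defender sections out of an FRST Addition.txt
and aggregate them. Added example; not FRST code and not from the thread."""
import re
from collections import Counter

# Constructed sample: trimmed copies of line shapes from the Addition.txt above.
SAMPLE = r"""
==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2018 01:08:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".

System errors:
=============
Error: (02/19/2018 11:25:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.

Error: (02/19/2018 10:51:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/19/2018 10:50:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Windows Defender:
===================================
Date: 2018-02-14 00:06:15.013
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/KipodToolsCby
ID:207199
Severity:High
Category:Browser Modifier
Path Found:bho:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079a25-328f-4bd4-be04-00955acaa0a7};file:C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
Process Name:C:\Windows\System32\svchost.exe

Date: 2018-02-14 00:06:22.611
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
Name:BrowserModifier:Win32/KipodToolsCby
Action:Remove
Error Code:0x80070003

==================== Memory info ===========================
"""

EVENT_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)


def parse_events(text):
    """One dict per 'Error:' header, with the Description line that follows it."""
    events, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = EVENT_RE.match(line)
        if m is None:
            continue
        desc = lines[i + 1] if i + 1 < len(lines) else ""
        desc = desc[len("Description: "):] if desc.startswith("Description: ") else ""
        events.append({"when": m["when"], "source": m["source"],
                       "eid": int(m["eid"]), "user": m["user"], "description": desc})
    return events


def count_by_source(events):
    """How often each (Source, EventID) pair recurs; the repeats are the ones worth a look."""
    return Counter((e["source"], e["eid"]) for e in events)


def parse_defender(text):
    """One dict per 'Date:' block in the Windows Defender section.
    FRST writes these fields as Key:Value with no space after the colon."""
    parts = text.split("Windows Defender:", 1)
    if len(parts) < 2:
        return []
    # the section ends at the next '==================== <Name>' header
    body = re.split(r"^=+ [A-Za-z]", parts[1], maxsplit=1, flags=re.M)[0]
    entries = []
    for block in re.split(r"^Date: ", body, flags=re.M)[1:]:
        lines = block.splitlines()
        entry = {"date": lines[0].strip(), "message": ""}
        for line in lines[1:]:
            if line.startswith("Windows Defender "):
                entry["message"] = line.strip()
                continue
            key, sep, value = line.partition(":")
            if sep and value.strip():          # skips "Description:" and other bare labels
                entry[key.strip().lower()] = value.strip()
        entries.append(entry)
    return entries


def split_paths(path_found):
    """'bho:HKLM\\X;file:C:\\Y' -> [('bho', 'HKLM\\X'), ('file', 'C:\\Y')]"""
    out = []
    for item in path_found.split(";"):
        kind, sep, target = item.partition(":")
        if sep and target:
            out.append((kind, target))
    return out


if __name__ == "__main__":
    for (source, eid), n in count_by_source(parse_events(SAMPLE)).most_common():
        print(f"{n:3d}  {source} / {eid}")
    for entry in parse_defender(SAMPLE):
        print(entry["date"], entry.get("name"), entry.get("error code", ""))
```

Run over the full Addition.txt, the counts surface the three DNS-Client 1012 errors logged between 22:49 and 22:51 on 19 February (the hosts file could not be read); together with a 27-byte hosts file timestamped 23:25 the same evening, that is consistent with the fixlist's closing `hosts:` directive, which rebuilds the file. The Defender records show the KipodToolsCby detection's BHO and CLSID registrations and a later removal attempt that failed with 0x80070003, which the log itself decodes as "The system cannot find the path specified".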


#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California

Posted 26 February 2018 - 09:42 AM

Thank you for your understanding in removing the programs.

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
URLSearchHook: HKLM -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
BHO: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files\PSafe\ClikSeguro\ClikSeguro.dll => No File
Toolbar: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Program Files\PSafe
FF NewTab: Mozilla\Firefox\Profiles\epdxx4vk.default -> search.chatzum.com
FF Extension: (Babylon Spelling and Proofreading) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (Babylon Translation Activation) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\ocr@babylon.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (SimilarSites) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}.xpi [2018-02-14] [Legacy]
FF HKLM\...\Firefox\Extensions: [clikseguro@psafe.com] - C:\Program Files\PSafe\ClikSeguro\\ffext => not found
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
CHR HKLM\...\Chrome\Extension: [fpknlgclcjbgepbagcobhdainldkgggl] - C:\Program Files\PSafe\ClikSeguro\\chext\clikseguro.crx <not found>
CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\ATLANT\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 catchme; \??\C:\Users\ATLANT\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-02-14 01:25 - 2018-02-26 12:41 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-02-26 12:24 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Microsoft Office
Task: {3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
emptytemp:
hosts:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner report
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 japjap4

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 27 February 2018 - 04:46 AM

AdwCleaner Report 
# AdwCleaner 7.0.8.0 - Logfile created on Tue Feb 27 20:38:54 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-26-2018.2
# Running on Windows 7 Ultimate (X86)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
PUP.Optional.Legacy, Plugin found: SimilarSites - 
 
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [31284 B] - [2018/2/14 8:8:6]
C:/AdwCleaner/AdwCleaner[S0].txt - [35442 B] - [2018/2/14 8:7:27]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
Fixlog
Fix result of Farbar Recovery Scan Tool (x86) Version: 17.02.2018
Ran by ATLANT (27-02-2018 12:42:26) Run:1
Running from C:\Users\ATLANT\Desktop
Loaded Profiles: ATLANT (Available Profiles: ATLANT)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
URLSearchHook: HKLM -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
BHO: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files\PSafe\ClikSeguro\ClikSeguro.dll => No File
Toolbar: HKU\S-1-5-21-339281470-1637478255-2933653089-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Program Files\PSafe
FF NewTab: Mozilla\Firefox\Profiles\epdxx4vk.default -> search.chatzum.com
FF Extension: (Babylon Spelling and Proofreading) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (Babylon Translation Activation) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\ocr@babylon.com.xpi [2013-04-02] [Legacy] [not signed]
FF Extension: (SimilarSites) - C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}.xpi [2018-02-14] [Legacy]
FF HKLM\...\Firefox\Extensions: [clikseguro@psafe.com] - C:\Program Files\PSafe\ClikSeguro\\ffext => not found
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
CHR HKLM\...\Chrome\Extension: [fpknlgclcjbgepbagcobhdainldkgggl] - C:\Program Files\PSafe\ClikSeguro\\chext\clikseguro.crx <not found>
CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\ATLANT\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 catchme; \??\C:\Users\ATLANT\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-02-14 01:25 - 2018-02-26 12:41 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-02-26 12:24 - 2011-09-26 03:20 - 000000000 ____D C:\Program Files\Microsoft Office
Task: {3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
emptytemp:
hosts:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\" => removed successfully.
"HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}" => removed successfully.
"HKLM\Software\Classes\CLSID\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}" => removed successfully.
"HKU\S-1-5-21-339281470-1637478255-2933653089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"C:\Program Files\PSafe" => not found
"Firefox newtab" => removed successfully.
C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi => moved successfully
C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\ocr@babylon.com.xpi => moved successfully
"C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}.xpi" => not found
"HKLM\Software\Mozilla\Firefox\Extensions\\clikseguro@psafe.com" => removed successfully.
"HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fpknlgclcjbgepbagcobhdainldkgggl" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => removed successfully.
"HKLM\System\CurrentControlSet\Services\NMIndexingService" => removed successfully.
NMIndexingService => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ewusbnet" => removed successfully.
ewusbnet => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hwdatacard" => removed successfully.
hwdatacard => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hwusbdev" => removed successfully.
hwusbdev => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully.
Synth3dVsc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully.
tsusbhub => service removed successfully.
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully.
VGPU => service removed successfully.
C:\ProgramData\KMSAutoS => moved successfully
C:\Program Files\Microsoft Office => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\KMSAutoNet => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13750496 B
Java, Flash, Steam htmlcache => 494046332 B
Windows/system/drivers => 2294573 B
Edge => 0 B
Chrome => 482199611 B
Firefox => 73698512 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 10598276 B
LocalService => 132244 B
NetworkService => 71060 B
ATLANT => 7245727 B
 
RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
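FRST's Fixlog reports one outcome per fixlist line, and in a fix this long the two lines that did not succeed (the KMSAutoNet TaskCache keys, "could not remove. ErrorCode1: 0x00000002") are easy to overlook among the "removed successfully" entries. The Python below is an added example, not FRST code and not posted by anyone in this thread, that classifies each result line as done, not found, failed or a status message, and pulls the Win32 error code out of the failures. `FIXLOG_SAMPLE` is a constructed excerpt of the Fixlog above; the `WIN32` table covers only the two codes a helper sees most often.

```python
"""Classify the result lines of an FRST Fixlog.txt so that anything the fix
did not finish stands out. Added example; not FRST code and not from the thread."""
import re
from collections import Counter

# Constructed excerpt of the Fixlog posted above (one outcome per fixlist line).
FIXLOG_SAMPLE = r"""
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"C:\Program Files\PSafe" => not found
C:\Users\ATLANT\AppData\Roaming\Mozilla\Firefox\Profiles\epdxx4vk.default\Extensions\adapter@babylontc.com.xpi => moved successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
C:\ProgramData\KMSAutoS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C089F71-3DEF-4000-8D2A-B38E95E0B2A3} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\KMSAutoNet => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"""

# target (optionally quoted) => outcome, with an optional trailing period
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
ERRCODE_RE = re.compile(r"ErrorCode\d*: (0x[0-9A-Fa-f]+)")

# Win32 error codes FRST reports on failures; only the two seen most often.
WIN32 = {"0x00000002": "ERROR_FILE_NOT_FOUND", "0x00000005": "ERROR_ACCESS_DENIED"}


def classify(outcome):
    """Map FRST's outcome phrase to one of: done, not_found, failed, other."""
    o = outcome.lower()
    if o.startswith("could not") or "error" in o:
        return "failed"
    if o == "not found":
        return "not_found"          # already absent when the fix ran
    if o.endswith("successfully"):
        return "done"               # removed / moved / service removed
    return "other"


def parse_fixlog(text):
    """One dict per non-empty line: target, outcome, status."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        if m is None:               # e.g. "Restore point was successfully created."
            rows.append({"target": None, "outcome": line.rstrip("."), "status": "status"})
            continue
        rows.append({"target": m["target"], "outcome": m["outcome"],
                     "status": classify(m["outcome"])})
    return rows


def summary(rows):
    """Count of lines per status, for a one-line overview of the fix."""
    return Counter(r["status"] for r in rows)


def leftovers(rows):
    """Targets the fix did not remove, with the decoded Win32 error where present."""
    out = []
    for r in rows:
        if r["status"] != "failed":
            continue
        m = ERRCODE_RE.search(r["outcome"])
        code = m.group(1) if m else None
        out.append((r["target"], code, WIN32.get(code, "unknown")))
    return out


if __name__ == "__main__":
    rows = parse_fixlog(FIXLOG_SAMPLE)
    print(dict(summary(rows)))
    for target, code, name in leftovers(rows):
        print(f"NOT REMOVED {target}  ({code} {name})")
```

0x00000002 is ERROR_FILE_NOT_FOUND, so the two TaskCache keys were most likely already gone by the time FRST reached them (the task's XML file under System32\Tasks was moved in the same fix) rather than being held open by a running process; a quick confirmation on the machine is `schtasks /query /tn KMSAutoNet`, which should report that the task does not exist.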


#8 japjap4

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 27 February 2018 - 04:49 AM

Well, the computer is pretty much the same as usual. It's a bit faster now, but programs hang every now and then (not responding, or taking a long time to process). Could it just be my computer parts that are old?

Also, if possible, can you explain the random Avast! Anti-virus that popped up on my desktop? Was it some sort of virus or such? I don't necessarily feel safe after encountering that...



#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California

Posted 27 February 2018 - 10:22 AM

Greetings.

Avast was downloaded on February 14th. Do you recall downloading that? It is not uncommon for followup Avast activity depending on the program settings. In addition there is an error related to Avast in your reports. The program can be uninstalled if you'd like.

Please boot into Safe Mode with Networking and let me know how your computer performs.
Gary
 

#10 japjap4

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 01 March 2018 - 03:30 AM

Hello,

Unfortunately, I don't recall downloading it. As far as I know, I was cleaning my computer and stuff and I was just waiting for my Malwarebytes Anti-Malware to finish its download when suddenly, as I looked at my desktop, it was there all of a sudden, which left me bewildered. I know I didn't recall seeing any marks to "download" Avast alongside. I don't know...

Will give you a heads-up about the start-up in Safe Mode with Networking in a couple of minutes.



#11 japjap4

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 01 March 2018 - 03:31 AM

Also, I'm pretty sure this laptop did not have any Avast related program downloaded. I think AVG was the previous Anti-virus before I uninstalled it for cleaning purposes.



#12 japjap4

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 01 March 2018 - 03:41 AM

Heads up: all good. Safe mode with networking is a bit faster than the normal start up though. That's what I feel although it could be just me.



#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California

Posted 01 March 2018 - 03:06 PM

Greetings.

Programs don't freeze in Safe Mode?

Download and run the Avast Uninstall Utility.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and, if there are any you want to keep, stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs freeze?
  • Avast uninstall?
  • ESET log
  • How is your computer running in Normal and Safe Mode?

Gary
 

#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California

Posted 05 March 2018 - 10:58 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,030 posts
  • Gender:Male
  • Location:California

Posted 07 March 2018 - 11:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



