ProblemsRBad

About ProblemsRBad

  • Rank
    $ Supporting Member

Profile Information

  • Gender
    Not Telling
  • OS
    Windows 10

  1. ProblemsRBad

    Rogue DHCP server malware

    I'm looking for a free tool that will stop my repeater networks from rogue DHCP server malware. My traffic is getting redirected away from its source. I want to prevent the redirect from happening. I know there is paid software, but I'm looking for something free that will automatically block the malware from entering my registry. I found this rogue DHCP/DNS malware by scanning with the free RogueKiller. But every time I scan and clean it out, it comes right back with a new DNS. 😕 Does anybody know of a free (not trial) tool?
  2. This laptop was bought second hand. So it's possible that the Windows could be a pirated version. :/
  3. Yes, a couple of times. I still get a pop-up saying software fraud. In System the activation is active and genuine. I don't see any watermarks in the bottom left of the screen either.
  4. After reboot, I get a pop-up saying "You may be a victim of software fraud. Please activate Windows now". When I go to look at System it says Windows is activated and genuine. Not sure why I get a pop-up. It also goes away after some time.
  5. Well, I scanned with this a second time to see if I could get a log from the scanner itself before you posted. I didn't know it saved logs in that location. The first scan found and deleted 8 infections. Here is the log from the second scan. I think it overwrote the first scan, sorry about that.
     01:47:08 # product=EOS
     # version=8
     # flags=0
     # esetonlinescanner_enu.exe=2.0.22.0
     # EOSSerial=
     # end=init
     # utc_time=2561-06-23 18:47:04
     # local_time=2561-06-24 01:47:04 (+0700, SE Asia Standard Time)
     # country="Thailand"
     # osver=6.1.7601 NT Service Pack 1
     01:47:16 # product=EOS
     # version=8
     # flags=0
     # esetonlinescanner_enu.exe=2.0.22.0
     # EOSSerial=0708c94af731714992c882b4bf265f54
     # end=init
     # utc_time=2561-06-23 18:47:14
     # local_time=2561-06-24 01:47:14 (+0700, SE Asia Standard Time)
     # country="Thailand"
     # osver=6.1.7601 NT Service Pack 1
     01:47:34 Updating
     01:47:34 Update Init
     01:47:38 Update Download
     03:11:37 esets_scanner_reload returned 0
     03:11:38 g_uiModuleBuild: 37814
     03:11:38 Update Finalize
     03:11:38 Call m_esets_charon_send
     03:11:38 Call m_esets_charon_destroy
     03:11:38 Updated modules version: 37814
     03:11:57 Call m_esets_charon_setup_create
     03:11:57 Call m_esets_charon_create
     03:11:57 m_esets_charon_create OK
     03:11:57 Call m_esets_charon_start_send_thread
     03:11:57 Call m_esets_charon_setup_set
     03:11:57 m_esets_charon_setup_set OK
     03:11:57 Scanner engine: 37814
     19:21:09 # product=EOS
     # version=8
     # flags=0
     # esetonlinescanner_enu.exe=2.0.22.0
     # EOSSerial=0708c94af731714992c882b4bf265f54
     # end=init
     # utc_time=2561-06-24 12:21:08
     # local_time=2561-06-24 19:21:08 (+0700, SE Asia Standard Time)
     # country="Thailand"
     # osver=6.1.7601 NT Service Pack 1
     19:21:27 # product=EOS
     # version=8
     # flags=0
     # esetonlinescanner_enu.exe=2.0.22.0
     # EOSSerial=0708c94af731714992c882b4bf265f54
     # end=init
     # utc_time=2561-06-24 12:21:25
     # local_time=2561-06-24 19:21:25 (+0700, SE Asia Standard Time)
     # country="Thailand"
     # osver=6.1.7601 NT Service Pack 1
     19:33:49 Call m_esets_charon_setup_create
     19:33:49 Call m_esets_charon_create
     19:33:50 m_esets_charon_create OK
     19:33:50 Call m_esets_charon_start_send_thread
     19:33:50 Call m_esets_charon_setup_set
     19:33:50 m_esets_charon_setup_set OK
     19:34:19 Updating
     19:34:19 Update Init
     19:34:44 Call m_esets_charon_setup_create
     19:34:44 Call m_esets_charon_create
     19:34:44 m_esets_charon_setup_set ERROR
     19:34:44 Update Download
     19:35:43 esets_scanner_reload returned 0
     19:35:43 g_uiModuleBuild: 37820
     19:35:43 Update Finalize
     19:35:43 Call m_esets_charon_send
     19:35:43 Call m_esets_charon_destroy
     19:35:44 Updated modules version: 37820
     19:36:07 Call m_esets_charon_setup_create
     19:36:07 Call m_esets_charon_create
     19:36:07 m_esets_charon_setup_set ERROR
     19:36:07 Scanner engine: 37820
  6. ESET finished scanning. I clicked to clean automatically. The machine rebooted while I was sleeping. Where do I find the ESET log?
  7. I am still scanning with ESET Online Scanner. Microsoft Security Essentials popped up with an infection detected. Not sure if ESET will find it, so I took a screenshot. ESET is still scanning right now.
  8. Farbar Service Scanner Version: 27-01-2016
     Ran by HB (administrator) on 24-06-2018 at 00:09:10
     Running from "C:\Users\HB\Desktop"
     Microsoft Windows 7 Ultimate Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     System Restore:
     ============
     System Restore Policy:
     ========================
     Action Center:
     ============
     Windows Update:
     ============
     Windows Autoupdate Disabled Policy:
     ============================
     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.
     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1
     Other Services:
     ==============
     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed
     **** End of log ****
  9. Results of screen317's Security Check version 0.99.93
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 29.0.0.171
     Mozilla Firefox (44.0.2)
     Google Chrome (67.0.3396.87)
     Google Chrome (SetupMetrics...)
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamtray.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 3%
     ````````````````````End of Log``````````````````````
  10. I can't get Sophos to install. When I double-click to run it, it never opens. I went ahead and downloaded ESET Online Scanner.
  11. Thanks, here is the fix log:
     Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
     Ran by HB (23-06-2018 23:22:35) Run:1
     Running from C:\Users\HB\Desktop
     Loaded Profiles: HB (Available Profiles: HB)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: F - F:\AutoRun.exe
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {116e46e2-20d7-11e6-b451-00235aefaec6} - F:\AutoRun.exe
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {1fe76b99-06eb-11e6-b0c6-00235aefaec6} - F:\AutoRun.exe
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {1fe76ba8-06eb-11e6-b0c6-00235aefaec6} - F:\AutoRun.exe
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {2f3d3801-009f-11e6-b064-00235aefaec6} - F:\AutoRun.exe
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {2f3d3813-009f-11e6-b064-00235aefaec6} - F:\AutoRun.exe
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {acf495cc-07b5-11e6-bd49-001e101fb45e} - F:\AutoRun.exe
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
     S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
     S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]
     S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     2015-12-27 23:15 - 2015-12-27 23:15 - 000000040 _____ () C:\Users\HB\AppData\Roaming\WB.CFG
     2018-06-22 12:15 - 2018-06-22 11:17 - 002057928 _____ () C:\Users\HB\AppData\Local\Temp\AnyDeskUninst1510.exe
     2018-06-22 21:40 - 2010-11-21 10:23 - 001731936 _____ (Microsoft Corporation) C:\Users\HB\AppData\Local\Temp\dllnt_dump.dll
     2018-03-17 23:12 - 2018-03-17 23:12 - 001864256 _____ (Oracle Corporation) C:\Users\HB\AppData\Local\Temp\jre-8u161-windows-au.exe
     2018-01-27 13:38 - 2018-04-14 18:24 - 058834376 _____ (Skype Technologies S.A.) C:\Users\HB\AppData\Local\Temp\SkypeSetup.exe
     2018-06-04 11:20 - 2007-11-29 18:05 - 000501024 _____ (Corel Corporation) C:\Users\HB\AppData\Local\Temp\Uninst.exe
     2018-06-04 11:21 - 2008-10-01 12:40 - 000453720 _____ (Macrovision Corporation) C:\Users\HB\AppData\Local\Temp\_is9217.exe
     *****************
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => removed successfully
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{116e46e2-20d7-11e6-b451-00235aefaec6}" => removed successfully
     HKLM\Software\Classes\CLSID\{116e46e2-20d7-11e6-b451-00235aefaec6} => not found
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fe76b99-06eb-11e6-b0c6-00235aefaec6}" => removed successfully
     HKLM\Software\Classes\CLSID\{1fe76b99-06eb-11e6-b0c6-00235aefaec6} => not found
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fe76ba8-06eb-11e6-b0c6-00235aefaec6}" => removed successfully
     HKLM\Software\Classes\CLSID\{1fe76ba8-06eb-11e6-b0c6-00235aefaec6} => not found
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f3d3801-009f-11e6-b064-00235aefaec6}" => removed successfully
     HKLM\Software\Classes\CLSID\{2f3d3801-009f-11e6-b064-00235aefaec6} => not found
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f3d3813-009f-11e6-b064-00235aefaec6}" => removed successfully
     HKLM\Software\Classes\CLSID\{2f3d3813-009f-11e6-b064-00235aefaec6} => not found
     "HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acf495cc-07b5-11e6-bd49-001e101fb45e}" => removed successfully
     HKLM\Software\Classes\CLSID\{acf495cc-07b5-11e6-bd49-001e101fb45e} => not found
     "HKLM\SOFTWARE\Policies\Google" => removed successfully
     "HKLM\System\CurrentControlSet\Services\CLMirrorDriver" => removed successfully
     CLMirrorDriver => service removed successfully
     "HKLM\System\CurrentControlSet\Services\clwvd7" => removed successfully
     clwvd7 => service removed successfully
     "HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
     VGPU => service removed successfully
     C:\Users\HB\AppData\Roaming\WB.CFG => moved successfully
     C:\Users\HB\AppData\Local\Temp\AnyDeskUninst1510.exe => moved successfully
     C:\Users\HB\AppData\Local\Temp\dllnt_dump.dll => moved successfully
     C:\Users\HB\AppData\Local\Temp\jre-8u161-windows-au.exe => moved successfully
     C:\Users\HB\AppData\Local\Temp\SkypeSetup.exe => moved successfully
     C:\Users\HB\AppData\Local\Temp\Uninst.exe => moved successfully
     C:\Users\HB\AppData\Local\Temp\_is9217.exe => moved successfully
     The system needed a reboot.
     ==== End of Fixlog 23:23:02 ====
  12. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
     Ran by HB (23-06-2018 08:27:58)
     Running from C:\Users\HB\Desktop
     Windows 7 Ultimate Service Pack 1 (X64) (2015-07-27 04:27:05)
     Boot Mode: Normal
     ==========================================================
     ==================== Accounts: =============================
     Administrator (S-1-5-21-1515187560-3786592396-2126830365-500 - Administrator - Disabled)
     Guest (S-1-5-21-1515187560-3786592396-2126830365-501 - Limited - Disabled)
     HB (S-1-5-21-1515187560-3786592396-2126830365-1000 - Administrator - Enabled) => C:\Users\HB
     HomeGroupUser$ (S-1-5-21-1515187560-3786592396-2126830365-1002 - Limited - Enabled)
     ==================== Security Center ========================
     (If an entry is included in the fixlist, it will be removed.)
     AV: Microsoft Security Essentials (Enabled - Out of date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
     AS: Microsoft Security Essentials (Enabled - Out of date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
     AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     ==================== Installed Programs ======================
     (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     3G-510 (HKLM-x32\...\3G-510) (Version: 16.002.10.00.764 - Huawei Technologies Co.,Ltd)
     Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
     AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.00.985 - AIMP DevTeam)
     Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
     Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
     Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
     Camfrog Video Chat 6.20 (HKLM-x32\...\Camfrog) (Version: 6.20.668 - Camshare, Inc.)
     CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
     Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
     Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
     Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
     DriverIdentifier 4.2.9 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
     FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
     Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
     Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
     HSPA-615Rx (HKLM-x32\...\HSPA-615Rx) (Version: 16.002.10.03.764 - Huawei Technologies Co.,Ltd)
     iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
     iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
     JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
     LINE (HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\LINE) (Version: 5.7.0.1660 - LINE Corporation)
     Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
     Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
     Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
     Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
     Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
     Mozilla Firefox 44.0.2 (x86 th) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 th)) (Version: 44.0.2 - Mozilla)
     Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
     NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
     QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
     Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
     REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0239 - REALTEK Semiconductor Corp.)
     Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
     Skype(TM) 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
     TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
     WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
     WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
     การสนับสนุนแอปพลิเคชั่นของ Apple (32 บิต) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
     การสนับสนุนแอปพลิเคชั่นของ Apple (64 บิต) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
     ==================== Custom CLSID (Whitelisted): ==========================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [2015-07-27] (AIMP DevTeam)
     ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
     ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-10-05] (Apple Inc.)
     ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
     ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
     ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
     ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
     ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [2015-07-27] (AIMP DevTeam)
     ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
     ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
     ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
     ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-06-05] (NVIDIA Corporation)
     ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
     ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
     ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
     ==================== Scheduled Tasks (Whitelisted) =============
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     Task: {1AA4C939-AF63-4A32-82A4-E0C8A14C875F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
     Task: {5B1B0400-5E3D-4C45-9A8C-BD60746C1A6A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
     Task: {74388BE0-C2D6-4D79-AD43-89E60B3FC839} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-20] (Google Inc.)
     Task: {84A9CDCE-BB28-4222-B7AA-0EB8593B058F} - System32\Tasks\{6A394317-FAB9-443D-9EE8-424AC47A1793} => C:\Windows\system32\pcalua.exe -a C:\Users\HB\Downloads\chromeinstall-8u151.exe -d C:\Users\HB\Downloads
     Task: {8CA43BDB-773F-49A6-AE29-9B920D8068E3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-23] (Adobe Systems Incorporated)
     Task: {A85C6F68-18F3-4E38-8603-A9AD08B9EE35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
     Task: {BB52B214-DB2C-4820-9F1D-7551302E7982} - System32\Tasks\{F9B99A2A-5DEE-4328-80CE-EC9ABACB7897} => C:\Windows\system32\pcalua.exe -a "D:\program\driver update\Bluetooth_Broadcom_5.1.0.4500_XPx86\Bluetooth_Broadcom_5.1.0.4500_XPx86\Setup.exe" -d "D:\program\driver update\Bluetooth_Broadcom_5.1.0.4500_XPx86\Bluetooth_Broadcom_5.1.0.4500_XPx86"
     Task: {C05AF88F-7E03-49D1-8008-70632B2F6C88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-20] (Google Inc.)
     Task: {C5B510B8-03FB-4D5B-9E1A-67313D41E226} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-23] (Adobe Systems Incorporated)
     (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     ==================== Shortcuts & WMI ========================
     (The entries could be listed to be restored or removed.)
     ==================== Loaded Modules (Whitelisted) ==============
     2015-07-27 12:12 - 2010-03-15 11:28 - 000166400 _____ () C:\Program Files\WinRAR\rarext.dll
     2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
     2016-10-05 18:17 - 2016-10-05 18:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     2010-05-08 18:48 - 2010-05-08 18:48 - 000229376 _____ () C:\ProgramData\DatacardService\DCService.exe
     2017-07-16 09:09 - 2013-10-18 16:42 - 000048856 _____ () C:\Windows\runSW.exe
     2018-06-22 23:33 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
     2018-06-22 23:33 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
     2017-07-16 09:09 - 2013-02-27 17:17 - 000221184 _____ () C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll
     2017-07-16 09:20 - 2015-03-14 04:44 - 001216144 _____ () C:\Program Files (x86)\MediatekWiFi\Common\RaWLAPI.dll
     ==================== Alternate Data Streams (Whitelisted) =========
     (If an entry is included in the fixlist, only the ADS will be removed.)
     ==================== Safe Mode (Whitelisted) ===================
     (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     ==================== Association (Whitelisted) ===============
     (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     ==================== Internet Explorer trusted/restricted ===============
     (If an entry is included in the fixlist, it will be removed from the registry.)
     IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
     IE trusted site: HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\localhost -> localhost
     ==================== Hosts content: ==========================
     (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     2009-07-14 09:34 - 2018-01-26 15:54 - 000000921 _____ C:\Windows\system32\Drivers\etc\hosts
     127.0.0.1 genuine.microsoft.com
     127.0.0.1 mpa.one.microsoft.com
     127.0.0.1 sls.microsoft.com
     ==================== Other Areas ============================
     (Currently there is no automatic fix for this section.)
     HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
     DNS Servers: 192.168.43.1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
     Windows Firewall is enabled.
     ==================== MSCONFIG/TASK MANAGER disabled items ==
     MSCONFIG\startupreg: BitTorrent => "C:\Users\HB\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
     MSCONFIG\startupreg: Camfrog => "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"
     MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
     MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
     MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
     MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     MSCONFIG\startupreg: MalwareProtectionLive => C:\Users\HB\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
     ==================== FirewallRules (Whitelisted) ===============
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     FirewallRules: [{5BA3260F-BF77-482C-83A9-B71EF2E00C5B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
     FirewallRules: [{6A395A86-6339-45AA-ACF0-57FF2A780DA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [{20C0171E-0A07-407D-A89E-5FE357D2D64D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [TCP Query User{F7CC1731-DD17-4E6E-AB83-18A153EC0D34}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
     FirewallRules: [UDP Query User{06C22BE7-CB53-442C-A956-19332FB1F80D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
     FirewallRules: [{0800705D-4A7E-42E0-AC94-ED1E8EB6AA64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
     FirewallRules: [{FDC13CDF-6A88-46AE-B792-DE1A59863A6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
     FirewallRules: [{FD668BA2-4CE3-4CED-85D0-A25D3DF57AD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     FirewallRules: [{6F2635AE-7682-416C-AC62-DECA52DCA75B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     FirewallRules: [{6A332B97-3C22-4C50-AFC4-B69FEDF61CAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [{0AFF4F18-F978-4145-B00A-77C6585CDABE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [TCP Query User{259D3FAA-2DD2-48D0-B4C5-7BF98F624E1C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
     FirewallRules: [UDP Query User{7596FE1F-8307-447F-A899-6CD9827DA737}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
     FirewallRules: [TCP Query User{511FC72E-A598-45E5-9613-0D6646E82F1E}C:\users\hb\downloads\aoe-ror\aoe\empiresx.exe] => (Allow) C:\users\hb\downloads\aoe-ror\aoe\empiresx.exe
     FirewallRules: [UDP Query User{5A52E4FF-2689-4871-B5FB-4F23F3645239}C:\users\hb\downloads\aoe-ror\aoe\empiresx.exe] => (Allow) C:\users\hb\downloads\aoe-ror\aoe\empiresx.exe
     FirewallRules: [{50367BEF-100A-4A95-B0A9-72716F882384}] => (Allow) C:\Program Files\iTunes\iTunes.exe
     FirewallRules: [{5315B6FD-D091-47CE-A4E1-702FC5BE6E13}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\RtWlan.exe
     FirewallRules: [{A27B2C81-AC80-43A0-8DD3-8FCD2B4B4EC2}] => (Allow) LPort=1542
     FirewallRules: [{5EBDDE9B-1488-40DC-9E84-C8053328A458}] => (Allow) LPort=1542
     FirewallRules: [{02936E83-D396-4C2C-9284-487AFBF4A9D6}] => (Allow) LPort=53
     FirewallRules: [{3CEB416E-456A-4CE2-8CD6-B7F13D996475}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\Rtldhcp.exe
     FirewallRules: [{B806831D-4DAB-4D32-BAFC-551BA6F2E672}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
     FirewallRules: [{49747722-4283-417E-9BF5-464C1A354C1E}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
     FirewallRules: [{E47CCF4B-DC26-4E3F-B2D0-D582A251F337}] => (Allow) LPort=53
     FirewallRules: [{C0C777D5-96E5-4C64-94F2-744DAD2E3998}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
     FirewallRules: [{F28F0AD4-B0D4-4C5D-9B6D-2E7007666B68}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
     FirewallRules: [{5EAC735F-F7FC-4C77-9443-D8124D78B1BE}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
     FirewallRules: [{B30F30AB-FF8D-4369-91D3-716C551F3883}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
     FirewallRules: [{1E0E66F6-F948-4DD8-BB28-5350EFBFBAAF}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
     FirewallRules: [{8300860E-4EE2-4C43-B155-D3BFEEA830E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     FirewallRules: [TCP Query User{E5DC1E8E-0251-4C16-A607-57FC8B57F996}C:\users\hb\downloads\anydesk.exe] => (Block) C:\users\hb\downloads\anydesk.exe
     FirewallRules: [UDP Query User{487C4EA2-3711-4DD4-892D-2056480A4B32}C:\users\hb\downloads\anydesk.exe] => (Block) C:\users\hb\downloads\anydesk.exe
     FirewallRules: [{978648B3-6D33-4B5E-976C-9B1F6EF58348}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
     FirewallRules: [{0ECD4608-3FBC-4A76-8E57-7D144C50865C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
     FirewallRules: [{0C2636CA-DD4A-4E7E-B145-764618424E64}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
     FirewallRules: [{2777D52D-EABD-4793-9ECB-95EE3AB9D49C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
     FirewallRules: [{36FF73F5-30DD-4330-A0EF-CDE93754AB65}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
     FirewallRules: [{D6F68F69-16F3-4ADC-8B98-76109BD25497}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
     FirewallRules: [{25DD9B5B-3B76-4A29-AEF7-22E1CE26A995}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
     FirewallRules: [{3E44540E-7766-499B-8F0B-BDAC98A89EC4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
     FirewallRules: [{6B4C3E70-977D-47AF-BF4C-2E42732C4345}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
     FirewallRules: [{534555A9-CA54-47DC-B060-0E2D0B55A7C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
     ==================== Restore Points =========================
     30-05-2018 12:49:52 Windows Backup
     03-06-2018 20:24:34 Windows Backup
     04-06-2018 11:20:25 Removed CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension.
     04-06-2018 11:20:41 Removed Corel Shell Extension - 64Bit.
     04-06-2018 11:21:37 Removed Jumpstart Installation Program
     16-06-2018 16:24:47 Windows Backup
     20-06-2018 09:12:07 Windows Backup
     22-06-2018 11:25:20 Windows Defender Checkpoint
     22-06-2018 23:11:38 Windows Update
     ==================== Faulty Device Manager Devices =============
     ==================== Event log errors: =========================
     Application errors:
     ==================
     Error: (06/23/2018 08:04:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     Error: (06/23/2018 08:02:43 AM) (Source: Winlogon) (EventID: 4103) (User: )
     Description: Windows license activation failed. Error 0x00000000.
     Error: (06/23/2018 08:02:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
     Description: License Activation (slui.exe) failed with the following error code: 0x800401F9
     Error: (06/23/2018 07:29:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     Error: (06/23/2018 07:28:36 AM) (Source: Winlogon) (EventID: 4103) (User: )
     Description: Windows license activation failed. Error 0x00000000.
     Error: (06/23/2018 07:28:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
     Description: License Activation (slui.exe) failed with the following error code: 0x800401F9
     Error: (06/23/2018 06:56:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     Error: (06/23/2018 06:54:51 AM) (Source: Winlogon) (EventID: 4103) (User: )
     Description: Windows license activation failed. Error 0x00000000.
     System errors:
     =============
     Error: (06/23/2018 08:03:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s).
     Error: (06/23/2018 08:01:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
     Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
     Error: (06/23/2018 08:01:30 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
     Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
     Error: (06/23/2018 08:01:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (06/23/2018 08:01:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The บริการ iPod service terminated unexpectedly. It has done this 1 time(s). Error: (06/23/2018 08:01:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/23/2018 08:01:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The RunSwUSB service terminated unexpectedly. It has done this 1 time(s). Error: (06/23/2018 08:01:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Camfrog Update Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2018-06-22 11:14:11.521 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Foxiebro&threatid=235004 Name:BrowserModifier:Win32/Foxiebro ID:235004 Severity:High Category:Browser Modifier Path Found:bho:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\CLASSES\Wow6432Node\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};file:C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll;file:C:\Program Files (x86)\Discovery App\Uninstaller.exe;ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B18 Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2018-06-22 09:25:01.370 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Foxiebro&threatid=235004 Name:BrowserModifier:Win32/Foxiebro ID:235004 Severity:High Category:Browser Modifier Path Found:bho:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\CLASSES\Wow6432Node\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};file:C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll;file:C:\Program Files (x86)\Discovery App\Uninstaller.exe;ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B18 Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2018-06-20 09:03:47.101 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Foxiebro&threatid=235004 Name:BrowserModifier:Win32/Foxiebro ID:235004 Severity:High Category:Browser Modifier Path Found:bho:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\CLASSES\Wow6432Node\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};file:C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll;file:C:\Program Files (x86)\Discovery App\Uninstaller.exe;ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B18 Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2018-06-17 13:13:26.774 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Foxiebro&threatid=235004 Name:BrowserModifier:Win32/Foxiebro ID:235004 Severity:High Category:Browser Modifier Path Found:bho:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\CLASSES\Wow6432Node\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};file:C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll;file:C:\Program Files (x86)\Discovery App\Uninstaller.exe;ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B18 Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2018-06-17 08:57:15.017 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Foxiebro&threatid=235004 Name:BrowserModifier:Win32/Foxiebro ID:235004 Severity:High Category:Browser Modifier Path Found:bho:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\CLASSES\Wow6432Node\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};clsid:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f};file:C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll;file:C:\Program Files (x86)\Discovery App\Uninstaller.exe;ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};ieaddon:HKCU@S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F};interface:HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\CLASSES\Wow6432Node\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B188CA};interface:HKLM\SOFTWARE\Wow6432Node\CLASSES\INTERFACE\{EAF8EEB4-71A2-41DA-B91C-6E2904B18 Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2018-01-26 13:22:25.907 Description: %1 engine has been terminated due to an unexpected error. Failure Type:%5 Exception code:%6 Resource:%3 CodeIntegrity: =================================== Date: 2018-06-23 08:02:39.450 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2018-06-23 07:37:08.832 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2018-06-23 07:28:32.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2018-06-23 07:25:04.430 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2018-06-23 07:01:34.762 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2018-06-23 06:54:47.869 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2018-06-23 06:31:57.571 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2018-06-23 06:24:21.105 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 41% Total physical RAM: 3069.98 MB Available physical RAM: 1810.86 MB Total Virtual: 6138.15 MB Available Virtual: 4372 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100.42 GB) (Free:58.63 GB) NTFS Drive d: (Data) (Fixed) (Total:197.57 GB) (Free:74.39 GB) NTFS \\?\Volume{fff68904-3416-11e5-8612-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: B6C92891) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=197.6 GB) - (Type=0F Extended) ==================== End of Addition.txt ============================
  13. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018 Ran by HB (administrator) on HB-PC (23-06-2018 08:24:55) Running from C:\Users\HB\Desktop Loaded Profiles: HB (Available Profiles: HB) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe () C:\ProgramData\DatacardService\DCService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe () C:\Windows\runSW.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Realtek) C:\Windows\SwUSB.exe (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16152792 2015-07-17] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {116e46e2-20d7-11e6-b451-00235aefaec6} - F:\AutoRun.exe HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {1fe76b99-06eb-11e6-b0c6-00235aefaec6} - F:\AutoRun.exe HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {1fe76ba8-06eb-11e6-b0c6-00235aefaec6} - F:\AutoRun.exe HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {2f3d3801-009f-11e6-b064-00235aefaec6} - F:\AutoRun.exe HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {2f3d3813-009f-11e6-b064-00235aefaec6} - F:\AutoRun.exe HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\...\MountPoints2: {acf495cc-07b5-11e6-bd49-001e101fb45e} - F:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2017-07-16] ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{07569492-2C9E-4C15-8150-43F98BF8BD48}: [NameServer] 124.40.234.71 124.40.225.53 Tcpip\..\Interfaces\{18DB7126-198A-4E12-A5E8-4697E96EA465}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{4618BE59-4F2C-4C7C-8707-B8027501E711}: [NameServer] 115.178.58.10 115.178.58.26 Tcpip\..\Interfaces\{6F0AD4D5-DD44-498B-90BF-EA37C9A3C225}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{73F4F10D-8ADA-47AE-BE92-5D472E69F901}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B3CC8B41-77F5-47D2-AA3D-6BB762726054}: [NameServer] 115.178.58.10 115.178.58.26 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131741151412915400&GUID=00000000-0000-0000-0000-000000000000 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131741151413695402&GUID=00000000-0000-0000-0000-000000000000 HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131741151414319403&GUID=00000000-0000-0000-0000-000000000000 HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/th-th/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1515187560-3786592396-2126830365-1000 -> DefaultScope {0A4EC16C-EDBF-440A-91B3-BBF6DAB8E7F5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-1515187560-3786592396-2126830365-1000 -> {0A4EC16C-EDBF-440A-91B3-BBF6DAB8E7F5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 Filter: deflate - 
{8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: oxkdd0zl.default FF ProfilePath: C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default [2018-06-23] FF Homepage: Mozilla\Firefox\Profiles\oxkdd0zl.default -> google.com FF Extension: (StartPage) - C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\Extensions\{2bc72c53-9bde-4db2-8479-eda9a5e71f4e}.xpi [2018-01-11] FF Extension: (Discovery App) - C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\Extensions\{5a370f7a-5e1f-4f2b-99e4-eb314e4e5240}.xpi [2015-12-27] [Legacy] [not signed] FF Extension: (eBay Shopping Assistant) - C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\Extensions\{c2fc3c2b-a65a-453c-bf95-101fde56ed1d}.xpi [2018-01-11] [Legacy] FF Extension: (Google Code Correction) - C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\features\{755d511d-3fc4-4060-8adc-1ae1089ced32}\google-code-correction@mozilla.org.xpi [2018-06-22] [Legacy] FF SearchPlugin: C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\searchplugins\default.xml [2018-06-23] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-23] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-23] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.co.th/?gws_rd=cr&dcr=0&ei=tblrWvi-J8nWvASavpDQDw CHR Profile: C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default [2018-06-22] CHR Extension: (สไลด์) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (เอกสาร) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google ไดรฟ์) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google Search) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (ชีต) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Skype) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-07] CHR Extension: (Instant Currency Rates) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkedpbemekcoohhlemhmgndcibjmdjmd [2015-12-27] CHR Extension: (ระบบชำระเงินของ Chrome เว็บสโตร์) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15] CHR Extension: (Gmail) - C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27] CHR Extension: (Chrome Media Router) - C:\Users\HB\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-22] CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-12-19] (Camshare Inc.) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.) R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (Mediatek Inc.) 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek) R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-22] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-23] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-23] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-23] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-23] (Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2246488 2015-11-19] (MediaTek Inc.) 
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-06-22] ()
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 08:24 - 2018-06-23 08:27 - 000015093 _____ C:\Users\HB\Desktop\FRST.txt
2018-06-23 08:08 - 2018-06-23 08:08 - 000003887 _____ C:\Users\HB\Desktop\AdwCleaner.txt
2018-06-23 07:57 - 2018-06-23 08:01 - 000000000 ____D C:\AdwCleaner
2018-06-23 07:45 - 2018-06-23 07:56 - 007372496 _____ (Malwarebytes) C:\Users\HB\Desktop\AdwCleaner.exe
2018-06-23 00:51 - 2018-06-23 00:51 - 000026673 _____ C:\Users\HB\Desktop\mbam.txt
2018-06-23 00:27 - 2018-06-23 00:38 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-06-22 23:36 - 2018-06-23 08:04 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-22 23:36 - 2018-06-23 08:04 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-22 23:36 - 2018-06-23 08:04 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-22 23:36 - 2018-06-22 23:36 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-22 23:35 - 2018-06-23 08:03 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-22 23:33 - 2018-06-22 23:33 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-22 23:33 - 2018-06-22 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-22 23:32 - 2018-06-22 23:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-22 23:32 - 2018-06-22 23:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-22 23:32 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-22 23:13 - 2014-05-14 23:23 - 002477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-06-22 23:13 - 2014-05-14 23:23 - 000700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-06-22 23:13 - 2014-05-14 23:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-06-22 23:13 - 2014-05-14 23:23 - 000058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-06-22 23:13 - 2014-05-14 23:23 - 000044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-06-22 23:13 - 2014-05-14 23:23 - 000038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-06-22 23:13 - 2014-05-14 23:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-06-22 23:13 - 2014-05-14 23:21 - 002620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-06-22 23:13 - 2014-05-14 23:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-06-22 23:13 - 2014-05-14 23:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-06-22 23:12 - 2014-05-14 09:23 - 000198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-06-22 23:12 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-06-22 23:12 - 2014-05-14 09:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-06-22 23:12 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-06-22 23:03 - 2018-06-22 23:03 - 000131572 _____ C:\Users\HB\Desktop\roguekiller.txt
2018-06-22 22:49 - 2018-06-22 22:49 - 000001945 _____ C:\Windows\epplauncher.mif
2018-06-22 22:47 - 2018-06-22 22:48 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-06-22 22:47 - 2018-06-22 22:47 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-06-22 22:47 - 2018-06-22 22:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2018-06-22 22:29 - 2018-06-23 08:24 - 000000000 ____D C:\FRST
2018-06-22 22:28 - 2018-06-22 22:40 - 015065792 _____ (Microsoft Corporation) C:\Users\HB\Downloads\mseinstall.exe
2018-06-22 22:22 - 2018-06-22 22:24 - 002412544 _____ (Farbar) C:\Users\HB\Desktop\FRST64.exe
2018-06-22 22:12 - 2018-06-22 23:17 - 074347856 _____ (Malwarebytes ) C:\Users\HB\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5566.exe
2018-06-22 21:40 - 2018-06-22 21:40 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-22 21:40 - 2018-06-22 21:40 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-22 12:09 - 2018-06-22 12:09 - 000000000 ____D C:\Users\HB\AppData\Local\TeamViewer
2018-06-22 12:08 - 2018-06-22 12:08 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-06-22 12:08 - 2018-06-22 12:08 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-06-22 12:08 - 2018-06-22 12:08 - 000000000 ____D C:\Users\HB\AppData\Roaming\TeamViewer
2018-06-22 12:07 - 2018-06-23 08:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-06-22 11:47 - 2018-06-22 12:11 - 027075144 _____ (Adlice Software) C:\Users\HB\Desktop\RogueKiller_portable64.exe
2018-06-22 11:41 - 2018-06-22 11:59 - 020367104 _____ (TeamViewer GmbH) C:\Users\HB\Downloads\TeamViewer_Setup.exe
2018-06-22 11:17 - 2018-06-22 12:15 - 000000000 ____D C:\Users\HB\AppData\Roaming\AnyDesk
2018-06-22 11:15 - 2018-06-22 11:17 - 002057928 _____ C:\Users\HB\Downloads\AnyDesk.exe
2018-06-14 16:51 - 2018-06-16 16:12 - 000506450 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 08:02 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-23 08:01 - 2009-07-14 11:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-23 08:01 - 2009-07-14 11:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-23 06:28 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2018-06-23 00:27 - 2016-03-20 17:38 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-23 00:27 - 2016-03-20 17:38 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-22 23:18 - 2015-08-27 09:05 - 000000000 ____D C:\ProgramData\Camfrog Update
2018-06-22 23:08 - 2017-07-16 15:19 - 000000000 ____D C:\Users\HB\AppData\Roaming\Tools
2018-06-22 23:08 - 2017-07-16 15:19 - 000000000 ____D C:\ProgramData\tools
2018-06-22 21:39 - 2015-07-27 12:10 - 000261112 _____ C:\Users\HB\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-22 21:24 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\rescache
2018-06-22 20:58 - 2009-07-14 11:45 - 000808288 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-22 11:30 - 2015-08-30 14:17 - 000000000 ____D C:\Users\HB\AppData\Roaming\Apple Computer
2018-06-22 11:29 - 2016-03-11 20:16 - 000000000 ____D C:\Users\HB\AppData\Local\Apple Inc
2018-06-22 11:29 - 2015-07-27 11:27 - 000000000 ____D C:\Users\HB
2018-06-22 11:25 - 2015-07-27 11:29 - 000001072 _____ C:\Users\HB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-22 11:25 - 2015-07-27 11:29 - 000001042 _____ C:\Users\HB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-22 10:58 - 2015-08-27 09:06 - 000000000 ____D C:\Users\HB\AppData\Roaming\Skype
2018-06-22 09:52 - 2015-08-27 09:05 - 000000000 ____D C:\Users\HB\AppData\Roaming\Camfrog
2018-06-14 16:59 - 2009-07-14 12:13 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-14 16:59 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-06-04 11:23 - 2018-03-18 08:46 - 000000000 ____D C:\Users\HB\Desktop\VDO Express
2018-06-04 11:21 - 2015-07-27 11:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-30 12:49 - 2016-03-20 17:20 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-30 12:49 - 2016-03-20 17:20 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-12-27 23:15 - 2015-12-27 23:15 - 000000040 _____ () C:\Users\HB\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
2018-06-22 12:15 - 2018-06-22 11:17 - 002057928 _____ () C:\Users\HB\AppData\Local\Temp\AnyDeskUninst1510.exe
2018-06-22 21:40 - 2010-11-21 10:23 - 001731936 _____ (Microsoft Corporation) C:\Users\HB\AppData\Local\Temp\dllnt_dump.dll
2018-03-17 23:12 - 2018-03-17 23:12 - 001864256 _____ (Oracle Corporation) C:\Users\HB\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-01-27 13:38 - 2018-04-14 18:24 - 058834376 _____ (Skype Technologies S.A.) C:\Users\HB\AppData\Local\Temp\SkypeSetup.exe
2018-06-04 11:20 - 2007-11-29 18:05 - 000501024 _____ (Corel Corporation) C:\Users\HB\AppData\Local\Temp\Uninst.exe
2018-06-04 11:21 - 2008-10-01 12:40 - 000453720 _____ (Macrovision Corporation) C:\Users\HB\AppData\Local\Temp\_is9217.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll [2010-11-21 10:24] - [2010-11-21 10:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll [2015-07-27 11:32] - [2015-07-27 11:32] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-22 09:40

==================== End of FRST.txt ============================
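Two things a helper checks by eye in an FRST log like the one above are the driver list (entries whose file is missing, shown as `[X]`, or whose vendor string is empty, shown as `()`) and the "Bamital & volsnap" block, where FRST prints `=> File is digitally signed` for binaries it could verify and otherwise prints size, vendor and an MD5 so the file can be compared against a known-good copy. As an added example (my code, not part of the thread and not part of FRST), the following Python automates both checks. The sample lines are copied from the log above; the known-good hash map is an assumption you fill from a clean machine of the same Windows build, and the one value used here is simply the hash from this log, so it only demonstrates the comparison path. A hash-only entry is not a finding by itself, and `TrueSight.sys` is RogueKiller's own driver (it appears alongside `C:\ProgramData\RogueKiller` in the created-files list), so an empty vendor string there is expected: the script flags, a person decides.

```python
"""FRST log triage helper (added example, not part of the thread or of FRST)."""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Driver/service line:
#   'S3 NisDrv; C:\...\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)'
#   'S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]'          ([X] = file missing)
DRIVER_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<info>[^\]]*)\](?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
# 'Bamital & volsnap' section: verified file ...
SIGNED_RE = re.compile(r"^(?P<path>.+?)\s+=>\s+File is digitally signed\s*$")
# ... or unverified file: '<path> [date] - [date] - <size> _____ (<vendor>) <MD5>'
HASHED_RE = re.compile(
    r"^(?P<path>.+?)\s+\[[^\]]+\]\s+-\s+\[[^\]]+\]\s+-\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<vendor>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_driver(line: str) -> Optional[dict]:
    """Return the parsed driver entry, or None if the line is not a driver line."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    return {
        "start": m.group("start"),
        "name": m.group("name").strip(),
        "path": m.group("path"),
        "missing": m.group("info").strip() == "X",
        "vendor": (m.group("vendor") or "").strip(),
    }


def parse_verification(line: str) -> Optional[dict]:
    """Return {'path', 'signed', 'md5'} for a Bamital & volsnap line, else None."""
    s = line.strip()
    m = SIGNED_RE.match(s)
    if m:
        return {"path": m.group("path"), "signed": True, "md5": None}
    m = HASHED_RE.match(s)
    if m:
        return {"path": m.group("path"), "signed": False, "md5": m.group("md5").upper()}
    return None


def triage(lines: Iterable[str], known_good: Optional[Dict[str, str]] = None) -> Dict[str, list]:
    """Walk FRST lines and collect what needs a human look.

    known_good maps a file path to its MD5 on a clean reference system
    (assumption: you supply it; the script never guesses a reference hash).
    """
    ref = {k.lower(): v.upper() for k, v in (known_good or {}).items()}
    report: Dict[str, list] = {"missing_drivers": [], "unvendored_drivers": [], "unsigned": []}
    for line in lines:
        d = parse_driver(line)
        if d:
            if d["missing"]:
                report["missing_drivers"].append(d["name"])
            elif not d["vendor"]:
                report["unvendored_drivers"].append(d["name"])
            continue
        v = parse_verification(line)
        if v and not v["signed"]:
            expected = ref.get(v["path"].lower())
            if expected is None:
                status = "no_reference"       # nothing to compare against yet
            elif expected == v["md5"]:
                status = "matches_reference"
            else:
                status = "hash_mismatch"      # the one case that is a real finding
            report["unsigned"].append((v["path"], v["md5"], status))
    return report


# Constructed sample: lines copied from the FRST log above.
SAMPLE_FRST = r"""
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-06-22] ()
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== Bamital & volsnap ======================
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\User32.dll [2010-11-21 10:24] - [2010-11-21 10:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll [2015-07-27 11:32] - [2015-07-27 11:32] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
""".strip().splitlines()

# Assumed reference map; the value is just the hash from this log, for illustration.
EXAMPLE_REFERENCE = {r"C:\Windows\system32\User32.dll": "E573BD9AB55C8E333C202B9E255F972E"}

if __name__ == "__main__":
    for key, items in triage(SAMPLE_FRST, EXAMPLE_REFERENCE).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run it against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"), reference)`; only `hash_mismatch` entries and `[X]` drivers that are not leftovers of an uninstalled product deserve follow-up, and the reference hashes must come from a clean system, never from the machine under investigation.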
14. # -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-04-24.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    ๐๖-๒๓-๒๐๑๘
# Duration: ๐๐:๐๐:๐๗
# OS:       Windows 7 Ultimate
# Cleaned:  32
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Guid
Deleted C:\Users\Public\Documents\pc faster
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService

***** [ Files ] *****

Deleted C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\searchplugins\default.xml
Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\vSnapshotEncodeTools
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\DtsEncodeTools
Deleted HKLM\Software\Wow6432Node\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}

***** [ Chromium (and derivatives) ] *****

Deleted Secured Search Extension

***** [ Chromium URLs ] *****

Deleted ?<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4
Deleted ?<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted http://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggadloLVQ8UExgWJgBeTA1DQFEOeV1aURRGQAcSeA9eUQlAQ1YFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDWHRTMA==
Deleted http://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggadloLVQ8UExgWJgBeTA1DQFEOeV1aURRGQAcSeA9eUQlAQ1YFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDWHRTMA==

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4289 octets] - [๒๓/๐๖/๒๐๑๘ ๐๗:๕๘:๕๖]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  15. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/22/18 Scan Time: 11:49 PM Log File: 4d2f7a9e-763c-11e8-9dc3-00235aefaec6.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.5584 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: HB-PC\HB -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 254998 Threats Detected: 150 Threats Quarantined: 150 Time Elapsed: 28 min, 19 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 23 PUP.Optional.Updater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr DiscoveryApp, Quarantined, [967], [244363],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [35], [-1],0.0.0 PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [35], [-1],0.0.0 PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr DiscoveryApp, Quarantined, [35], [181194],1.0.5584 PUP.Optional.Pakilan, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\LJIBKIGJCCBEGNBEOJKOAFEJPOIACHEJ, Quarantined, [2394], [186515],1.0.5584 PUP.Optional.Pakilan, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\LJIBKIGJCCBEGNBEOJKOAFEJPOIACHEJ, Quarantined, [2394], [186515],1.0.5584 PUP.Optional.Pakilan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ljibkigjccbegnbeojkoafejpoiachej, Quarantined, [2394], [186515],1.0.5584 PUP.Optional.Palikan, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [306], [241488],1.0.5584 PUP.Optional.Palikan, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, 
Quarantined, [306], [241488],1.0.5584 PUP.Optional.Palikan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [306], [241488],1.0.5584 PUP.Optional.YahooVNM, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Quarantined, [6909], [245144],1.0.5584 PUP.Optional.Wajam.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [7252], [-1],0.0.0 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [209], [169167],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [35], [160141],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [35], [160141],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}, Quarantined, [35], [160137],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}, Quarantined, [35], [160137],1.0.5584 PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [209], [169167],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}, Quarantined, [35], [160138],1.0.5584 PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}, Quarantined, [35], [160138],1.0.5584 PUP.Optional.Spigot, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [172], [161091],1.0.5584 PUP.Optional.Spigot, 
HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [172], [161091],1.0.5584 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [209], [169167],1.0.5584 Registry Value: 14 PUP.Optional.Palikan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [306], [241488],1.0.5584 PUP.Optional.Palikan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURLFALLBACK, Quarantined, [306], [241488],1.0.5584 PUP.Optional.Palikan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONPATH, Quarantined, [306], [241488],1.0.5584 PUP.Optional.Palikan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|, Quarantined, [306], [241488],1.0.5584 PUP.Optional.Palikan, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DISPLAYNAME, Quarantined, [306], [241488],1.0.5584 PUP.Optional.YahooVNM, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, Quarantined, [6909], [245144],1.0.5584 PUP.Optional.YahooVNM, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|TOPRESULTURL, Quarantined, [6909], [245144],1.0.5584 PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr DiscoveryApp|IMAGEPATH, Quarantined, [35], [255243],1.0.5584 PUP.Optional.Wajam.Gen, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\879e3774ae423bf7e29c1f1f2d80a6cb|DISPLAYNAME, Quarantined, [7252], [262194],1.0.5584 PUP.Optional.Wajam.Gen, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [7252], [-1],0.0.0 PUP.Optional.Wajam.Gen, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [7252], [-1],0.0.0 PUP.Optional.Wajam.Gen, HKU\S-1-5-21-1515187560-3786592396-2126830365-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [7252], [-1],0.0.0 PUP.Optional.Wajam.Gen, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [7252], [-1],0.0.0 PUP.Optional.Wajam.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\879e3774ae423bf7e29c1f1f2d80a6cb|PUBLISHER, Quarantined, [7252], [262194],1.0.5584 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 24 PUP.Optional.WeatherTool, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool\dump, Quarantined, [3602], [244740],1.0.5584 PUP.Optional.WeatherTool, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\WEATHERTOOL, Quarantined, [3602], [244740],1.0.5584 PUP.Optional.WeatherTool, C:\Windows\System32\config\systemprofile\AppData\Roaming\WeatherTool\dump, Quarantined, [3602], [244740],1.0.5584 PUP.Optional.WeatherTool, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\WEATHERTOOL, Quarantined, [3602], [244740],1.0.5584 PUP.Optional.Updater, C:\PROGRAM FILES (X86)\COMMON FILES\653ac11b-b606-42c5-b357-bca0fd28d1cd, Quarantined, [967], [244363],1.0.5584 PUP.Optional.Yontoo, C:\PROGRAMDATA\653AC11B-B606-42C5-B357-BCA0FD28D1CD, Quarantined, [35], [181193],1.0.5584 PUP.Optional.Yontoo, C:\PROGRAM FILES (X86)\COMMON FILES\653AC11B-B606-42C5-B357-BCA0FD28D1CD, Quarantined, [35], 
[181194],1.0.5584 PUP.Optional.Yontoo, C:\Program Files (x86)\Discovery App\Extensions, Quarantined, [35], [181195],1.0.5584 PUP.Optional.Yontoo, C:\PROGRAM FILES (X86)\DISCOVERY APP, Quarantined, [35], [181195],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\META-INF, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\USERS\HB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXKDD0ZL.DEFAULT\EXTENSIONS\{D3B9472C-F8B1-4A10-935B-1087BAC8417F}, Quarantined, [172], [181388],1.0.5584 PUP.Optional.vSnapShot, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\vSnapshot\dump, Quarantined, [4390], [495671],1.0.5584 PUP.Optional.vSnapShot, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\VSNAPSHOT, Quarantined, [4390], [495671],1.0.5584 Adware.Cmptch.Generic, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\images, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\_metadata, Quarantined, [14279], [503837],1.0.5584 
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\icons, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MMDKDNCIGPLHKBHCFIFNIMPDFICJHHNN, Quarantined, [14279], [503837],1.0.5584 File: 89 PUP.Optional.WeatherTool, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\WEATHERTOOL\DUMP\BUGREPORTCONFIG.INI, Quarantined, [3602], [244740],1.0.5584 PUP.Optional.WeatherTool, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\WEATHERTOOL\DUMP\BUGREPORTCONFIG.INI, Quarantined, [3602], [244740],1.0.5584 PUP.Optional.Updater, C:\PROGRAM FILES (X86)\COMMON FILES\653ac11b-b606-42c5-b357-bca0fd28d1cd\Updater.exe, Quarantined, [967], [244363],1.0.5584 PUP.Optional.Palikan, C:\USERS\HB\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\PALIKAN.ICO, Quarantined, [306], [255721],1.0.5584 PUP.Optional.Yontoo, C:\ProgramData\653ac11b-b606-42c5-b357-bca0fd28d1cd\temp, Quarantined, [35], [181193],1.0.5584 PUP.Optional.Yontoo, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [35], [-1],0.0.0 PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [35], [-1],0.0.0 PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarantined, [35], [-1],0.0.0 PUP.Optional.Yontoo, C:\Program Files (x86)\Common 
Files\653ac11b-b606-42c5-b357-bca0fd28d1cd\Updater.exe, Quarantined, [35], [181194],1.0.5584 PUP.Optional.Yontoo, C:\Program Files (x86)\Discovery App\Extensions\{5a370f7a-5e1f-4f2b-99e4-eb314e4e5240}.xpi, Quarantined, [35], [181195],1.0.5584 PUP.Optional.Yontoo, C:\Program Files (x86)\Discovery App\7za.exe, Quarantined, [35], [181195],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content\config.json, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content\main.js, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content\prefs.txt, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content\savingsslider.js, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content\savingsslider.xul, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome\content\spigot.js, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\META-INF\manifest.mf, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\META-INF\mozilla.rsa, Quarantined, [172], [181388],1.0.5584 
PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\META-INF\mozilla.sf, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\chrome.manifest, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\icon.png, Quarantined, [172], [181388],1.0.5584 PUP.Optional.Spigot, C:\Users\HB\AppData\Roaming\Mozilla\Firefox\Profiles\oxkdd0zl.default\extensions\{d3b9472c-f8b1-4a10-935b-1087bac8417f}\install.rdf, Quarantined, [172], [181388],1.0.5584 PUP.Optional.vSnapShot, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\VSNAPSHOT\DUMP\BUGREPORTCONFIG.INI, Quarantined, [4390], [495671],1.0.5584 PUP.Optional.Pakilan, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2394], [186515],1.0.5584 PUP.Optional.Spigot, C:\USERS\HB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXKDD0ZL.DEFAULT\PREFS.JS, Replaced, [172], [301667],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn\000003.log, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn\CURRENT, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn\LOCK, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn\LOG, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, 
C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn\LOG.old, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmdkdncigplhkbhcfifnimpdficjhhnn\MANIFEST-000001, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MMDKDNCIGPLHKBHCFIFNIMPDFICJHHNN\1.0.18.104_0\MANIFEST.JSON, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\icons\128.png, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\icons\16.png, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\icons\32.png, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\icons\48.png, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_flat_0_aaaaaa_40x100.png, Quarantined, [14279], [503837],1.0.5584 Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_flat_75_ffffff_40x100.png, 
Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_glass_55_fbf9ee_1x400.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_glass_75_dadada_1x400.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_glass_75_e6e6e6_1x400.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_glass_95_fef1ec_1x400.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-bg_highlight-soft_75_cccccc_1x100.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-icons_222222_256x240.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-icons_2e83ff_256x240.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-icons_454545_256x240.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-icons_888888_256x240.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\images\ui-icons_cd0a0a_256x240.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\jquery-3.2.1.min.js, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\jquery-ui.css, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\jquery-ui.js, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\on-off-switch.css, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\lib\on-off-switch.js, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\images\bar.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\images\close.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\images\incognito.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\images\logo.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\images\logotop.png, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\blank.css, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\blank.html, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\learnmore.css, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\newtab\learnmore.html, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\_metadata\computed_hashes.json, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\_metadata\verified_contents.json, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\background.js, Quarantined, [14279], [503837],1.0.5584
Adware.Cmptch.Generic, C:\Users\HB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdkdncigplhkbhcfifnimpdficjhhnn\1.0.18.104_0\content.js, Quarantined, [14279], [503837],1.0.5584
PUP.Optional.Yontoo, C:\USERS\HB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXKDD0ZL.DEFAULT\SEARCHPLUGINS\DEFAULT.XML, Quarantined, [35], [302262],1.0.5584
Trojan.MicroFake, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\357D5C4CC7A1A1AA.VIR, Quarantined, [13981], [267134],1.0.5584
PUP.Optional.WeatherTool, C:\USERS\HB\APPDATA\ROAMING\VDOWNLOADER\BD3F3836CAE34063951271D339F3516F\WEATHERMINI_TH.EXE, Quarantined, [3602], [77380],1.0.5584
Adware.TopTools, C:\USERS\HB\APPDATA\LOCAL\TEMP\1529683684.EXE, Quarantined, [7909], [495713],1.0.5584
PUP.Optional.Trovi, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [383], [454808],1.0.5584
PUP.Optional.Trovi, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [383], [454808],1.0.5584
PUP.Optional.Palikan, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [306], [455278],1.0.5584
PUP.Optional.Palikan, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [306], [455278],1.0.5584
PUP.Optional.Palikan, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [306], [455278],1.0.5584
PUP.Optional.Palikan, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [306], [455278],1.0.5584
Adware.Elex.ShrtCln, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [246], [454711],1.0.5584
Adware.Elex.ShrtCln, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [246], [454711],1.0.5584
PUP.Optional.Conduit, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [220], [454835],1.0.5584
PUP.Optional.Delta, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [271], [455071],1.0.5584
PUP.Optional.Delta, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [271], [455071],1.0.5584
PUP.Optional.Trovi, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [383], [454808],1.0.5584
PUP.Optional.Palikan, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [306], [455278],1.0.5584
PUP.Optional.Delta, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [271], [455071],1.0.5584
PUP.Optional.Delta, C:\USERS\HB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [271], [455071],1.0.5584

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)