- Oct 19, 2017
- 13
Counterflix...
- Thread starter Ender Hugo
- Start date
- Mar 8, 2013
- 22,627
- Oct 19, 2017
- 13
- Mar 8, 2013
- 22,627
Download
Malwarebytes Anti-Rootkit to your desktop.
- Double-click the icon to start the tool.
- It will ask you where to extract it, then it will start.
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Click in the introduction screen "next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- When the scan is finished and no malware has been found select "Exit".
- If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
- Open the MBAR folder and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"
- Oct 19, 2017
- 13
- Oct 19, 2017
- 13
- Oct 19, 2017
- 13
- Mar 8, 2013
- 22,627
Very good 
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Make sure that Addition.txt option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Oct 19, 2017
- 13
- Oct 19, 2017
- 13
- Mar 8, 2013
- 22,627
Yeah, anti-rootkit is very powerful. There are plenty of things still left to be removed so let's continue:
Scan with Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your Desktop.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
Please download Zemana AntiMalware and save it to your Desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Install the progam.
- Click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
- Click the Scan tab, choose Threat Scan is checked and click Start Scan.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the Reports tab.
- Double-click the Scan Log.
- At the bottom click Export and choose Text file.
Please download AdwCleaner by Xplode and save the file to your Desktop.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Accept the Terms of use.
- Wait until the database is updated.
- Click Scan.
- When finished, please click Clean.
- Your PC should reboot now.
- After reboot, logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
Please download Zemana AntiMalware and save it to your Desktop.
- Install the program and once the installation is complete it will start automatically.
- Without changing any options, press Scan to begin.
- After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
- Open Zemana AntiMalware again.
- Click on
icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
- The only left thing is to attach saved report in your next message.
- Oct 19, 2017
- 13
# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 00:26:21 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-17-2017.1
# Running on Windows 10 Home Single Language (X64)
# Mode: scan
# Support: Customer Support & Help Center
***** [ Services ] *****
PUP.Optional.Legacy, PCSUService
PUP.Optional.Legacy, SparkSvc
PUP.Optional.Legacy, SparkUpdater
PUP.Optional.CPUMiner, WinDriverSvc
***** [ Folders ] *****
PUP.Optional.uBar, C:\Program Files\uBar
PUP.Optional.Legacy, C:\Users\Public\Documents\dmp
PUP.Optional.Legacy, C:\Program Files (x86)\Prompt Downloader
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Local\Prompt Downloader
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prompt Downloader
PUP.Optional.Legacy, C:\ProgramData\pc faster
PUP.Optional.Legacy, C:\Program Files (x86)\pc faster
PUP.Optional.Legacy, C:\Users\All Users\pc faster
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\pc faster
PUP.Optional.Legacy, C:\Users\Public\Documents\pc faster
PUP.Optional.Legacy, C:\Users\Todos os Usuários\pc faster
PUP.Optional.Legacy, C:\Users\Public\Documents\Guid
PUP.Optional.Legacy, C:\Program Files (x86)\DiskP
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Default\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Usuário Padrão\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\ProgramData\devnull
PUP.Optional.Legacy, C:\Users\All Users\devnull
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\devnull
PUP.Optional.Legacy, C:\Users\Todos os Usuários\devnull
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software
Adware.Trotux, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
Trojan.Bunitu, C:\Program Files (x86)\ppt
PUP.Optional.FileViewPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
PUP.Optional.TXQQBrowser, C:\Program Files (x86)\QQBrowser
PUP.Adware.Heuristic, C:\ProgramData\730a0536
PUP.Adware.Heuristic, C:\ProgramData\HwinpH
PUP.Adware.Heuristic, C:\ProgramData\nWdMn
PUP.Adware.Heuristic, C:\ProgramData\Service5184
***** [ Files ] *****
PUP.Optional.Legacy, C:\ProgramData\Duplicaterecord.js
PUP.Optional.Legacy, C:\Users\All Users\Duplicaterecord.js
PUP.Optional.Legacy, C:\Users\Todos os Usuários\Duplicaterecord.js
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\SysNative\log\iSafeKrnlCall.log
PUP.Optional.Legacy, C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy, C:\Users\All Users\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy, C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\invalidprefs.js
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\dd1b66d4.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\nice.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\luck.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\5hsfgdeb.default-1457391237291\invalidprefs.js
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\5hsfgdeb.default-1457391237291\searchplugins\nice.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\5hsfgdeb.default-1457391237291\searchplugins\luck.xml
Adware.ChinAd, C:\Windows\SysNative\drivers\cfidsk.sys
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
PUP.Optional.Legacy, Microsoft\Windows\Apps\UpService
PUP.Optional.Legacy, Browser Updater Task(Core)
PUP.Optional.Legacy, SparkUpdater
PUP.Optional.Legacy, sparkupdater
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adnetworkperformance.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d234jr1v61uxpn.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d347r6gnj453cs.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\onclickads.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\wonderlandads.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.adnetworkperformance.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adnetworkperformance.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d234jr1v61uxpn.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d347r6gnj453cs.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\onclickads.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wonderlandads.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.adnetworkperformance.com
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {80465ADF-B45C-4DAE-85E0-A6E021422A43}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1D7C16B1-2BB9-40F2-9703-54456C296E04}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8FFC5494-09D7-4D65-8B12-5F966CA7EBF6}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKCU\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\hdcode
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKCU\Software\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\TSv
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKCU\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WinZiper
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\UBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\devnull
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | pcmgr
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | YeaDesktop
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | SpeeDownloader
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | pcspeedup
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Plumbytes Anti-Malware
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | DiskPower
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-17-2017.1
# Running on Windows 10 Home Single Language (X64)
# Mode: scan
# Support: Customer Support & Help Center
***** [ Services ] *****
PUP.Optional.Legacy, PCSUService
PUP.Optional.Legacy, SparkSvc
PUP.Optional.Legacy, SparkUpdater
PUP.Optional.CPUMiner, WinDriverSvc
***** [ Folders ] *****
PUP.Optional.uBar, C:\Program Files\uBar
PUP.Optional.Legacy, C:\Users\Public\Documents\dmp
PUP.Optional.Legacy, C:\Program Files (x86)\Prompt Downloader
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Local\Prompt Downloader
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prompt Downloader
PUP.Optional.Legacy, C:\ProgramData\pc faster
PUP.Optional.Legacy, C:\Program Files (x86)\pc faster
PUP.Optional.Legacy, C:\Users\All Users\pc faster
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\pc faster
PUP.Optional.Legacy, C:\Users\Public\Documents\pc faster
PUP.Optional.Legacy, C:\Users\Todos os Usuários\pc faster
PUP.Optional.Legacy, C:\Users\Public\Documents\Guid
PUP.Optional.Legacy, C:\Program Files (x86)\DiskP
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Default\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\Usuário Padrão\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\ProgramData\devnull
PUP.Optional.Legacy, C:\Users\All Users\devnull
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\devnull
PUP.Optional.Legacy, C:\Users\Todos os Usuários\devnull
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software
Adware.Trotux, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
Trojan.Bunitu, C:\Program Files (x86)\ppt
PUP.Optional.FileViewPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
PUP.Optional.TXQQBrowser, C:\Program Files (x86)\QQBrowser
PUP.Adware.Heuristic, C:\ProgramData\730a0536
PUP.Adware.Heuristic, C:\ProgramData\HwinpH
PUP.Adware.Heuristic, C:\ProgramData\nWdMn
PUP.Adware.Heuristic, C:\ProgramData\Service5184
***** [ Files ] *****
PUP.Optional.Legacy, C:\ProgramData\Duplicaterecord.js
PUP.Optional.Legacy, C:\Users\All Users\Duplicaterecord.js
PUP.Optional.Legacy, C:\Users\Todos os Usuários\Duplicaterecord.js
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\SysNative\log\iSafeKrnlCall.log
PUP.Optional.Legacy, C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy, C:\Users\All Users\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy, C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\invalidprefs.js
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\dd1b66d4.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\nice.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\luck.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\5hsfgdeb.default-1457391237291\invalidprefs.js
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\5hsfgdeb.default-1457391237291\searchplugins\nice.xml
PUP.Optional.Legacy, C:\Users\Ender_Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\5hsfgdeb.default-1457391237291\searchplugins\luck.xml
Adware.ChinAd, C:\Windows\SysNative\drivers\cfidsk.sys
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
PUP.Optional.Legacy, Microsoft\Windows\Apps\UpService
PUP.Optional.Legacy, Browser Updater Task(Core)
PUP.Optional.Legacy, SparkUpdater
PUP.Optional.Legacy, sparkupdater
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adnetworkperformance.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d234jr1v61uxpn.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d347r6gnj453cs.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\onclickads.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\wonderlandads.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.adnetworkperformance.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adnetworkperformance.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d234jr1v61uxpn.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d347r6gnj453cs.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\funsafetab.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\onclickads.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wonderlandads.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.adnetworkperformance.com
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {80465ADF-B45C-4DAE-85E0-A6E021422A43}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1D7C16B1-2BB9-40F2-9703-54456C296E04}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8FFC5494-09D7-4D65-8B12-5F966CA7EBF6}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKCU\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\hdcode
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKCU\Software\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\TSv
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKCU\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WinZiper
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\UBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\devnull
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | pcmgr
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | YeaDesktop
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | SpeeDownloader
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3755472278-2447889109-3489952286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | pcspeedup
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Plumbytes Anti-Malware
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | DiskPower
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
- Oct 19, 2017
- 13
- Oct 19, 2017
- 13
- Mar 8, 2013
- 22,627
How is your computer behaving now?
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Make sure that Addition.txt option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Oct 19, 2017
- 13
- Mar 8, 2013
- 22,627
Okay, the final cleanup and you're good to go
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Please attach it to your reply.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finishes FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
- Oct 19, 2017
- 13
- Mar 8, 2013
- 22,627
- Oct 19, 2017
- 13
Similar threads
- Locked
