Malware Removal Assistance Needed

Micheal salami

Thread author
Jul 2, 2017
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Thollu (administrator) on DESKTOP-HV4MIBU (29-06-2017 22:11:41)
Running from C:\Users\Thollu\Downloads
Loaded Profiles: Thollu (Available Profiles: Thollu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Tanuki Software, Ltd.) C:\ManageEngine\PMP\bin\wrapper.exe
(Oracle Corporation) C:\ManageEngine\PMP\jre\bin\java.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(tuxler.com) C:\Program Files (x86)\Tuxler Proxy\TuxlerProxy.exe
(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
() C:\ManageEngine\PMP\PMP.exe
() C:\Program Files (x86)\Tuxler Proxy\privoxy\privoxy.exe
(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [Tuxler] => C:\Program Files (x86)\Tuxler Proxy\TuxlerProxy.exe [2093056 2017-04-11] (tuxler.com)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe [97976 2017-05-21] (Tencent)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [NSYBCV4OS03F6KS] => C:\Program Files\70M1O7OBD9\KPTGW7UCC.exe [1040384 2017-06-29] (1BZQ)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [wenc0pexoba] => C:\Users\Thollu\AppData\Roaming\pjassdfnj0p\izpqsndqqpl.exe [8192 2017-06-29] ()
Startup: C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMP Service Manager.lnk [2017-06-12]
ShortcutTarget: PMP Service Manager.lnk -> C:\ManageEngine\PMP\PMP.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-694308185-4116531498-1042364220-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-694308185-4116531498-1042364220-1001] => http=127.0.0.1:54321;https=127.0.0.1:54321;socks=127.0.0.1:12345
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{384595c0-cf1d-48ca-b657-fe423262bd73}: [DhcpNameServer] 192.168.43.1
ManualProxies: 1http=127.0.0.1:54321;https=127.0.0.1:54321;socks=127.0.0.1:12345

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?linkid=42826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?linkid=42826

FireFox:
========
FF DefaultProfile: bb82mb5q.default
FF ProfilePath: C:\Users\Thollu\AppData\Roaming\Mozilla\Firefox\Profiles\bb82mb5q.default [2017-06-29]
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> socks", "209.122.193.17"
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> socks_port", 14203
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> type", 0
FF Extension: (Fast search) - C:\Users\Thollu\AppData\Roaming\Mozilla\Firefox\Profiles\bb82mb5q.default\Extensions\amcontextmenu@loucypher [2017-06-29]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2017-05-21] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2017-05-21] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Docs) - C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1045736 2016-07-20] (Broadcom Corporation)
S2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42216 2016-07-20] (Broadcom Corporation)
R2 PMP; C:\ManageEngine\PMP\bin\wrapper.exe [636184 2017-06-02] (Tanuki Software, Ltd.)
S2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [257760 2016-07-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R1 MpKsl53a34beb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30148130-E750-454E-9832-734D78EF9E59}\MpKsl53a34beb.sys [44928 2017-06-29] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 22:11 - 2017-06-29 22:12 - 00010180 _____ C:\Users\Thollu\Downloads\FRST.txt
2017-06-29 22:11 - 2017-06-29 22:11 - 00000000 ____D C:\FRST
2017-06-29 22:10 - 2017-06-29 22:10 - 02440704 _____ (Farbar) C:\Users\Thollu\Downloads\FRST64.exe
2017-06-29 16:07 - 2017-06-29 21:15 - 00000000 ____D C:\ProgramData\Avg
2017-06-29 16:07 - 2017-06-29 21:14 - 00000000 ____D C:\Users\Thollu\AppData\Local\AvgSetupLog
2017-06-29 16:07 - 2017-06-29 16:07 - 00000000 ____D C:\Users\Thollu\AppData\Local\Avg
2017-06-29 16:06 - 2017-06-29 16:07 - 03449448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Thollu\Downloads\Antivirus_Free_1856.exe
2017-06-29 10:44 - 2017-06-29 10:44 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-06-29 10:40 - 2017-06-29 10:40 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\pjassdfnj0p
2017-06-29 10:39 - 2017-06-29 10:40 - 00000000 ____D C:\Program Files\70M1O7OBD9
2017-06-29 10:37 - 2017-06-29 10:43 - 00004318 _____ C:\ProgramData\_lg.1sap
2017-06-29 10:37 - 2017-06-29 10:43 - 00000128 _____ C:\ProgramData\_lg.2sap
2017-06-25 21:53 - 2017-06-25 21:59 - 00000000 ____D C:\Users\Thollu\Desktop\New folder (2)
2017-06-25 21:51 - 2017-06-25 21:52 - 00000000 ____D C:\Users\Thollu\Desktop\New folder
2017-06-23 06:37 - 2017-06-23 06:41 - 00000000 ____D C:\Users\Thollu\Desktop\site pics
2017-06-23 06:31 - 2017-06-23 06:34 - 136668472 _____ (Apple Inc.) C:\Users\Thollu\Downloads\iCloudSetup.exe
2017-06-12 14:23 - 2017-06-29 20:07 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7CC7FA45-8F64-47D3-846F-6DCCA7346F25}
2017-06-12 14:22 - 2017-06-12 14:22 - 00000000 ____D C:\ProgramData\Oracle
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine Password Manager Pro
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine Password Manager Pro
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\ManageEngine
2017-06-12 13:57 - 2017-06-12 14:14 - 156035160 _____ (ZOHO Corp.) C:\Users\Thollu\Downloads\ManageEngine_PMP_64bit.exe
2017-06-10 02:27 - 2017-06-29 10:50 - 00000000 ___HD C:\Users\Thollu\Desktop\pic
2017-06-10 00:43 - 2017-06-10 00:43 - 00000654 _____ C:\Users\Public\Desktop\UDC Output Files.lnk
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ___RD C:\Users\Thollu\Documents\UDC Output Files
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\UDC Profiles
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Document Converter
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\Program Files (x86)\Universal Document Converter
2017-06-10 00:43 - 2016-11-05 13:58 - 00042456 _____ (fCoder Group, Inc.) C:\WINDOWS\system32\udcpm.dll
2017-06-10 00:43 - 2015-02-04 19:00 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2017-06-10 00:42 - 2017-06-10 00:43 - 24290480 _____ (fCoder SIA ) C:\Users\Thollu\Downloads\udc.exe
2017-06-10 00:27 - 2017-06-10 00:27 - 01130328 _____ (Google Inc.) C:\Users\Thollu\Downloads\ChromeSetup(1).exe
2017-06-10 00:14 - 2017-06-10 00:14 - 00064078 _____ C:\Users\Thollu\Downloads\p1.html
2017-06-09 23:28 - 2017-06-09 23:28 - 01316354 _____ C:\Users\Thollu\Downloads\jv020ssw.zip
2017-06-08 04:54 - 2017-06-08 04:54 - 00000000 ____D C:\Users\Thollu\Downloads\KPortScan 3.0
2017-06-08 04:45 - 2017-06-08 11:35 - 05124905 _____ C:\Users\Thollu\Downloads\KPortScan 3.0.zip
2017-06-08 04:14 - 2017-06-08 04:14 - 00000000 ____D C:\Users\Thollu\Downloads\DUBrute.2.2 with private user and pass list
2017-06-08 03:58 - 2017-06-08 03:58 - 00002532 _____ C:\Users\Thollu\Downloads\new1.txt
2017-06-08 02:17 - 2017-06-12 14:56 - 00000000 ____D C:\Users\Thollu\.zenmap
2017-06-08 02:17 - 2017-06-08 03:33 - 00001032 _____ C:\Users\Thollu\Desktop\Nmap - Zenmap GUI.lnk
2017-06-08 02:17 - 2017-06-08 02:17 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2017-06-08 02:15 - 2017-06-08 02:15 - 00000000 ____D C:\Users\Thollu\Downloads\Dubrute + VNC + Nmap ( pass = loveyou )
2017-06-08 02:13 - 2017-06-08 02:14 - 24475972 _____ C:\Users\Thollu\Downloads\Dubrute + VNC + Nmap ( pass = loveyou ).rar
2017-06-08 00:54 - 2017-06-08 00:54 - 00000000 _____ C:\Users\Thollu\Downloads\vnc1.txt
2017-06-08 00:44 - 2017-06-08 00:44 - 00000000 ____D C:\Program Files\WinPcap
2017-06-08 00:42 - 2017-06-08 02:17 - 00000000 ____D C:\Program Files (x86)\Nmap
2017-06-08 00:15 - 2017-06-13 21:18 - 00002240 ____H C:\Users\Thollu\Documents\Default.rdp
2017-06-07 21:37 - 2017-06-07 22:02 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Apple Computer
2017-06-07 21:37 - 2017-06-07 21:37 - 00000000 ____D C:\Users\Thollu\AppData\Local\Apple Computer
2017-06-07 21:36 - 2017-06-07 21:36 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-07 21:36 - 2017-06-07 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-07 21:33 - 2017-06-07 21:36 - 00000000 ____D C:\Program Files\iTunes
2017-06-07 21:33 - 2017-06-07 21:33 - 00000000 ____D C:\ProgramData\Apple Computer
2017-06-07 21:33 - 2017-06-07 21:33 - 00000000 ____D C:\Program Files\iPod
2017-06-07 21:30 - 2017-06-07 21:30 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Users\Thollu\AppData\Local\Apple
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files\Bonjour
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-06-07 21:29 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-07 21:28 - 2017-06-07 21:30 - 00000000 ____D C:\ProgramData\Apple
2017-06-07 20:59 - 2017-06-07 21:25 - 259195720 _____ (Apple Inc.) C:\Users\Thollu\Downloads\iTunes64Setup.exe
2017-06-07 00:12 - 2017-06-07 00:38 - 229151198 _____ C:\Users\Thollu\Downloads\Journey-to-the-West_-The-Demons-Strike-Back--2017----HDRip----mycoolmoviez.net.mp4
2017-06-05 02:28 - 2017-06-05 02:43 - 188165558 _____ C:\Users\Thollu\Downloads\Drone--2017----HDRip----mycoolmoviez.net.mp4
2017-06-02 20:48 - 2017-06-02 20:49 - 00003129 _____ C:\Users\Thollu\Downloads\Quickteller -GoTV
2017-06-01 20:05 - 2017-06-13 19:19 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-06-01 20:05 - 2017-06-08 01:13 - 00000000 ____D C:\ProgramData\BlueStacks
2017-06-01 19:18 - 2017-06-01 20:05 - 339047640 _____ (BlueStack Systems Inc.) C:\Users\Thollu\Downloads\BlueStacks2_native.exe
2017-05-30 18:18 - 2017-06-03 09:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-30 18:18 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\LocalLow\Adobe
2017-05-30 18:18 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\Local\CEF
2017-05-30 18:17 - 2017-05-30 18:20 - 00000000 ____D C:\ProgramData\Adobe
2017-05-30 18:17 - 2017-05-30 18:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-30 18:17 - 2017-05-30 18:17 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-30 18:14 - 2017-05-30 18:14 - 00000000 ____D C:\Users\Public\Thunder Network
2017-05-30 18:14 - 2017-05-30 18:14 - 00000000 ____D C:\ProgramData\Thunder Network
2017-05-30 17:46 - 2017-06-13 19:19 - 00000000 ____D C:\Program Files\TrueKey
2017-05-30 17:41 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\Local\Adobe
2017-05-30 17:32 - 2017-05-30 17:33 - 01677255 _____ C:\Users\Thollu\Downloads\CE_TUMAsia_UndergraduateProgrammes_AY1416.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 15:53 - 2017-04-03 04:50 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-29 15:37 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Thollu\AppData\LocalLow\Mozilla
2017-06-29 15:36 - 2017-05-21 23:22 - 00000000 ____D C:\Users\Thollu\Documents\Tencent Files
2017-06-29 12:28 - 2017-04-03 04:50 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-29 10:41 - 2017-04-03 05:18 - 00000000 ____D C:\Users\Thollu
2017-06-29 10:41 - 2017-04-03 05:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-29 10:41 - 2017-04-03 05:07 - 00009900 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2017-06-29 10:41 - 2017-04-03 04:39 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-29 10:33 - 2017-04-02 10:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-29 10:33 - 2017-04-02 10:53 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 09:13 - 2017-05-27 18:53 - 00001023 _____ C:\Users\Thollu\Desktop\VirtualDJ 8.lnk
2017-06-27 23:37 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-27 23:37 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-25 22:57 - 2017-05-27 18:53 - 00000000 ____D C:\Users\Thollu\Documents\VirtualDJ
2017-06-24 23:22 - 2017-04-03 04:49 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 06:43 - 2017-04-03 05:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-22 22:09 - 2017-04-03 04:43 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-22 16:13 - 2017-04-02 01:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-22 16:11 - 2017-04-02 01:14 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-20 17:47 - 2017-04-24 01:25 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 17:47 - 2017-04-03 05:21 - 00002366 _____ C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 17:47 - 2017-04-03 05:21 - 00000000 ___RD C:\Users\Thollu\OneDrive
2017-06-14 22:48 - 2017-04-03 04:50 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-12 14:50 - 2017-04-03 07:46 - 00000000 ____D C:\Users\Thollu\.android
2017-06-08 01:12 - 2017-04-03 04:50 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-08 01:10 - 2017-05-19 08:27 - 00000000 ____D C:\Users\Thollu\AppData\Local\Bluestacks
2017-06-06 21:30 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\vlc
2017-06-04 21:14 - 2017-05-27 18:53 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2017-06-03 04:07 - 2017-04-03 04:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 04:07 - 2017-04-03 04:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 20:10 - 2017-04-03 07:42 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-31 09:03 - 2017-04-03 04:57 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-30 21:45 - 2017-04-02 01:18 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 18:18 - 2017-04-03 05:18 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2017-06-29 10:37 - 2017-06-29 10:43 - 0004318 _____ () C:\ProgramData\_lg.1sap
2017-06-29 10:37 - 2017-06-29 10:43 - 0000128 _____ () C:\ProgramData\_lg.2sap
2017-06-29 10:44 - 2017-06-29 10:44 - 0000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-06-08 01:10 - 2017-05-24 07:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-Common.dll
2017-06-08 01:10 - 2017-05-24 07:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-InstallerUtils.dll
2017-06-08 01:10 - 2017-05-24 07:54 - 0187416 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-LibraryHandler.dll
2017-05-19 08:27 - 2017-05-24 07:53 - 0246808 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-Logger-Native.dll
2017-05-19 08:27 - 2016-01-07 08:52 - 0128536 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-ShortcutHandler.dll
2017-06-08 01:10 - 2017-05-24 07:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-Uninstaller.exe
2017-04-02 11:35 - 2017-04-02 11:35 - 0469256 _____ (Microsoft Corporation) C:\Users\Thollu\AppData\Local\Temp\InstallManager_GEN_GEN.exe
2017-06-29 10:36 - 2017-06-29 10:36 - 0382144 _____ () C:\Users\Thollu\AppData\Local\Temp\msclean.exe
2017-05-24 02:42 - 2017-05-24 02:42 - 0031096 _____ (Tencent) C:\Users\Thollu\AppData\Local\Temp\qqsafeud.exe
2017-05-19 08:27 - 2016-01-07 04:26 - 0495128 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\uninstall.exe
2017-06-04 21:13 - 2017-06-04 21:13 - 0084216 _____ () C:\Users\Thollu\AppData\Local\Temp\VirtualDJ New Version.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 18:43

==================== End of FRST.txt ============================

Micheal salami

Jul 2, 2017
I had to copy and paste because it seems like the files are not uploading. I have tried a lot of times but I do not know why it is not working.

TwinHeadedEagle

Mar 8, 2013
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Micheal salami

Jul 2, 2017
# AdwCleaner v6.047 - Logfile created 02/07/2017 at 18:40:27
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Thollu - DESKTOP-HV4MIBU
# Running from : C:\Users\Thollu\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : Customer Support & Help Center



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Thollu\AppData\Roaming\Tencent
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[-] Folder deleted: C:\Users\Public\Documents\Tencent
[-] Folder deleted: C:\Program Files (x86)\Tencent
[-] Folder deleted: C:\Program Files (x86)\Common Files\Tencent
[-] Folder deleted: C:\Users\Thollu\AppData\Local\Temp\Tencent
[-] Folder deleted: C:\Users\Thollu\AppData\Roaming\Mozilla\Firefox\Profiles\bb82mb5q.default\extensions\amcontextmenu@loucypher


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-694308185-4116531498-1042364220-1001\Software\Classes\Tencent
[#] Key deleted on reboot: HKCU\Software\Classes\Tencent
[-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
[-] Key deleted: HKLM\SOFTWARE\Classes\Tencent
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Tencent
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Tencent
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\howtosimplified.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\howtosimplified.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
[-] Value deleted: HKU\S-1-5-21-694308185-4116531498-1042364220-1001\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npchrome


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4398 Bytes] - [02/07/2017 18:40:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [4434 Bytes] - [02/07/2017 18:38:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4544 Bytes] ##########

TwinHeadedEagle

Mar 8, 2013
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.

TwinHeadedEagle

Mar 8, 2013
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it finishes, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Attachments

  • fixlist.txt (2.6 KB)