# Windows 10: My Windows taskbar isn't working normally, and other problems

### #1 Daniel_Galhoz

Daniel_Galhoz

Posted 04 November 2016 - 04:51 PM

2 days ago, I opened a .exe file, and it came with a virus/malware. It was putting pop-ups on my screen and installing programs that I didn't want.

Then I installed Malwarebytes Anti-Malware and it removed that malware, but I still have some problems.

The problems that I know I still have consist of:

• The Windows taskbar doesn't work like it used to (the right button doesn't work over the icons/applications, I can't use the search and the "Windows" button doesn't work);

• I can hear a sound coming from my PC stereo every 3-4 minutes (I think it is the Windows sound)

• When I open a new Chrome page it opens at this link: "file:///C:/PROGRA~2/Google/Chrome/APPLIC~1/54.0.2840.71/"

I would also like a recommendation for a good free antivirus or another program to track down another possible virus that I could have.

### #2 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 04 November 2016 - 04:54 PM

Here are the logs.

### #3 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 08 November 2016 - 05:35 PM

Sorry for the wait. Sometimes we get overwhelmed. Some things to keep in mind:
• Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
• Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
• If at any time my instructions are not clear stop and ask for clarification.
• Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
• Any program that I ask you run should only be run once.
• As soon as your computer is clean I will let you know.
• Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise.
• Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
So give me a bit of time to go over those logs.

### #4 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 12 November 2016 - 09:34 AM

Let's get started.

Going over your logs I noticed that you have uTorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
• They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
• It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Another scan.

CKScanner

• Double click CKScanner
• Select Search For Files
• Once completed select Save List to File
• ckfiles.txt document will be placed on your Desktop
• Copy and paste the results of that report in your reply

I need a closer look at some files.

• On the page you'll find a "Choose File" button.
Click on the Choose File button.
• In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Users\Gamer-PC\AppData\Roaming\Dretipy\Sherfiward.dll

• Next, click the Open button.
• Then click the "Scan It!" button just below
• This will scan the file. Please be patient.
• If you get a message saying File has already been analyzed: click Reanalyze file now
• Once scanned, copy and paste the link to the result page for this file in your next reply.

Now do the same for each of these:

C:\WINDOWS\SysWOW64\GameMon.des
C:\Program Files (x86)\Verherck\kssModule.dll
C:\WINDOWS\System32\drivers:ucdrv-x64.sys
C:\WINDOWS\SysWOW64\chtbrkg.dll
C:\WINDOWS\system32\chtbrkg.dll
C:\Users\Gamer-PC\AppData\Roaming\svchost.exe
C:\Program Files (x86)\SMTP Service\smtpsv.exe
C:\Program Files (x86)\1CE1C140-1478128637-11DD-B3ED-1CB72CB1C192\ka6pqa.dll
C:\users\gamer-pc\desktop\fcro0.12.34x64-mpcg\bin\x64\factorio.exe
C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe


This will take some time, but I'd hate to delete anything just on one of my hunches. So for your next reply the contents of ckfiles.txt, and the Virus Total links for those files.

### #5 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 12 November 2016 - 05:43 PM

Well, I deleted uTorrent and here is the CKScanner txt


### #6 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 12 November 2016 - 06:05 PM

C:\Users\Gamer-PC\AppData\Roaming\Dretipy\Sherfiward.dll

An error. It says that the way doesn't exist

https://www.virustotal.com/pt/file/c2fa0cbbf038f74f8a30f86e289c09d488a36285bf6bbd45cd44c855f6696b1b/analysis/1478990820/

https://www.virustotal.com/pt/file/2405c945e3671b0278698435ba36b160e86e995a2dba8fbf79d6d0b75356d2c9/analysis/1478991031/

C:\WINDOWS\System32\drivers:ucdrv-x64.sys

Another error. It says that the file isn't valid

https://www.virustotal.com/pt/file/10f018be8341a82995c8a617b8e16ef5bef28f3f8278bd69224da6c9ac35bbea/analysis/1478991174/

https://www.virustotal.com/pt/file/d7a2615c18197d3de3f0324107abd2a2a1aca06c0d166d2f808bc76a40808099/analysis/1478991214/

C:\Users\Gamer-PC\AppData\Roaming\svchost.exe

Another error. It says that the file isn't possible to locate

C:\Program Files (x86)\1CE1C140-1478128637-11DD-B3ED-1CB72CB1C192\ka6pqa.dll

Another error. It says that the way doesn't exist

https://www.virustotal.com/en/file/0c108e1bf767e8be20b3cb3343486d300c32d6c3eb0e29cc5cf997629e4b4e6b/analysis/1478991566/

C:\Program Files (x86)\SMTP Service\smtpsv.exe

Another error. It says that the file isn't possible to locate

C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

It says that the way doesn't exist

The way doesn't exist

https://www.virustotal.com/en/file/662493df0fd6cce9d473dae341e7a3ceae0fbc8afac0079df1bb72cb2cd4a383/analysis/1478991757/

### #7 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 15 November 2016 - 06:47 AM

Something else for those files.
• Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
• Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt. Save it in the same place as FRST64.exe.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

File: c:\program files\kmspico\driver\tap-windows-9.21.0.exe
File: c:\program files\kmspico\uninshs.exe
File: C:\Users\Gamer-PC\AppData\Roaming\Dretipy\Sherfiward.dll
File: C:\WINDOWS\SysWOW64\GameMon.des
File: C:\Program Files (x86)\Verherck\kssModule.dll
File: C:\WINDOWS\System32\drivers:ucdrv-x64.sys
File: C:\WINDOWS\SysWOW64\chtbrkg.dll
File: C:\WINDOWS\system32\chtbrkg.dll
File: C:\Users\Gamer-PC\AppData\Roaming\svchost.exe
File: C:\Program Files (x86)\SMTP Service\smtpsv.exe
File: C:\Program Files (x86)\1CE1C140-1478128637-11DD-B3ED-1CB72CB1C192\ka6pqa.dll
File: C:\users\gamer-pc\desktop\fcro0.12.34x64-mpcg\bin\x64\factorio.exe
File: C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Folder: C:\Users\Gamer-PC\AppData\Roaming\Dretipy
Folder: C:\Users\Gamer-PC\AppData\Local\Ckaach

• Run FRST64.exe and press the Fix button just once and wait
• If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
• When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

### #8 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 15 November 2016 - 06:20 PM

The log was too long to post so I had to upload it

### #9 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 17 November 2016 - 06:56 AM

I'm back. Let's see what we can do.

I must point out first that you appear to have a cracked version of MS Office. Some of the files, if they're involved with this crack, might be deleted in the cleaning process, rendering MS Office unusable.

System restore is disabled on your machine. We might need it. Go to the link below and see if you can enable it.

http://www.ghacks.net/2015/08/02/check-if-system-restore-is-enabled-on-windows-10/

If you can not enable System Restore with the above method, run the following fix:
• Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
• Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt. Save it in the same place as FRST64.exe.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"

• Run FRST64.exe and press the Fix button just once and wait
• If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
• When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

### #10 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 18 November 2016 - 03:51 PM

The system restore is now enabled.

### #11 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 18 November 2016 - 06:18 PM

Now for some cutting.

One program I strongly advise removing is Chrome. It is compromised, and a thorough removal and reinstall may be the smart choice. Save your bookmarks before running Revo to remove Chrome. Yes, Chrome may be gone, so you'll likely have to finish this with Internet Explorer. The software Cycs¢ò also, unless you recognize it, and trust it.

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

note: there is no need to click anything on that page, the download will start automatically
• Double click Revo Uninstaller to run it
• From the list of programs double click on the listed program(s), or anything similar, to remove it:
Cycs¢ò

• When prompted if you want to uninstall click Yes
• Be sure the Advanced option is selected then click Next
• The program will run. If prompted again click Yes
• When the built-in uninstaller is finished click on Next
• Once the program has searched for leftovers click Next
• Check the items in bold only on the list then click Delete
note: you may have to expand some folders by clicking the "+" mark
• When prompted click on Yes and then on Next
• Put a check on any folders that are found and select Delete
• When prompted select Yes then Next
• Once done click Finish

Some more trimming to do.

We need to run a fix with FRST:

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
• Run FRST.exe/FRST64.exe and press the Fix button just once and wait
• If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
• When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

So for your next reply let me know about the programs uninstalled, and the results of fixlog.txt. Please run FRST again, and post those logs as well. And please let me know how your computer is running.

### #12 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 19 November 2016 - 03:37 PM

I uninstalled those programs without an error.

About how my computer is running, I haven't found many major differences since you started to help me. The Windows taskbar and other features that come with it still aren't working and I keep hearing that sound that is the same as when my computer asks for an application permission.

Besides that, my computer is running pretty well, I think.

### #13 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 21 November 2016 - 10:52 AM

Let's see what we can do now.

Going over your logs I noticed that you have eMule installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
• They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall eMule, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Set up a new account following the instructions in the link below. Reboot your computer, log into that new account, and try to use the Start button and Taskbar.

• Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• A copy of all logfiles is saved to C:\AdwCleaner.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please run FRST again. Before running it, could you rename it to EnglishFRST.exe? And please copy and paste all logs. So for your next reply let me know if you have the taskbar in that other profile. Copy and paste the contents of

Both FRST logs

Let me know of any changes to your computer's performance.

### #14 Daniel_Galhoz

Daniel_Galhoz
• Topic Starter

Posted 22 November 2016 - 02:02 PM

Well, there is a major problem with your first request. Looks like I can't even create a new account, nor change the password of my actual account, and there are even more things in the definitions that I can't do. I go to the page that says family and other users and I can't open the "other users" or "your family", because when I click it, it opens a small black page that shows on the screen for about 0,2 seconds and then disappears. I also never installed eMule and I don't even know what it is, and I don't think I have it on my computer.

### #15 Bezukhov

Bezukhov

Bleepin' Jazz Fan!

Posted 24 November 2016 - 08:55 AM

Let's take another crack at this.

• Double click Revo Uninstaller to run it
• From the list of programs double click on the listed program(s), or anything similar, to remove it:
aMule C
• When prompted if you want to uninstall click Yes
• Be sure the Advanced option is selected then click Next
• The program will run. If prompted again click Yes
• When the built-in uninstaller is finished click on Next
• Once the program has searched for leftovers click Next
• Check the items in bold only on the list then click Delete
note: you may have to expand some folders by clicking the "+" mark
• When prompted click on Yes and then on Next
• Put a check on any folders that are found and select Delete
• When prompted select Yes then Next
• Once done click Finish

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista/Windows7, right-click on it and Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

• Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
• Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt. Save it in the same place as FRST64.exe.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

```
CloseProcesses:
CreateRestorePoint:
Edge HomeButtonPage: HKU\S-1-5-21-2889577721-2179127745-3160987072-1001 -> hxxp://www.amisites.com/?type=hp&ts=1479502411&z=30dd606626e41307c012d75gcz5m9t9w1e6obz8ect&from=archer1028&uid=OCZ-TRION100_Y5BB633HKMBX
AlternateDataStreams: C:\Program Files\Internet Explorer:x64 [360536]
AlternateDataStreams: C:\Program Files\Internet Explorer:x86 [1156450]
Folder: C:\Users\Public\Thunder Network
Folder: C:\TOSTACK
C:\ProgramData\Avira
C:\ProgramData\Avg
C:\ProgramData\AVAST Software
C:\Users\Gamer-PC\AppData\Roaming\cfjcf
C:\Users\Gamer-PC\AppData\Roaming\ArchiverApp
C:\Program Files\Internet Explorer:ucdrv-x64.sys
```

• Run FRST64.exe and press the Fix button just once and wait
• If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
• When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

So for your next reply please Copy and Paste the following in your next post. Use multiple posts if you must. The truth is it's easier to study them when they're copied and pasted.

1) Rkill.txt
2) Fixlog.txt

Inform me if there are any changes to your computer performance, and if you uninstalled that program.
