
Random Software Downloads and Browser Pop-ups


17 replies to this topic

#1 flamingporu

flamingporu

  • Members
  • 22 posts

Posted 22 January 2017 - 07:29 AM

Hello, I need help!

I recently installed some kind of software that randomly installed things on my PC, changed my Chrome homepage, and random browsers keep popping up. I already uninstalled some of them on CCleaner, but most of the programs (see attached) can't be uninstalled. Please help!

Attached Files

  • Attached File  PC1.png   90.6KB   1 downloads
  • Attached File  PC2.PNG   53.82KB   1 downloads
  • Attached File  PC3.PNG   748.25KB   1 downloads




#2 Jo*

Jo*

  • Malware Response Team
  • 3,329 posts
  • Gender:Male
  • Location:Germany

Posted 22 January 2017 - 11:55 AM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(it takes a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
filesrcm;
uninstall-list;
iedefaults;
ffdefaults;
chrdefaults;
emptyclsid;
emptyalltemp;
autoclean;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Copy and paste the log to your next reply please.
 

***


Step 3: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts

Posted 22 January 2017 - 05:25 PM

Hello, Jo!

Here are my logs:

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome 31.0.1650.63 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
 
-ZOEK-
 

 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Santos on Mon 01/23/2017 at  6:03:07.20.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Santos\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
1/23/2017 6:03:44 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\Santos\AppData\Roaming\Softlink deleted successfully
C:\Users\Santos\AppData\Roaming\Vvuckchvosh deleted successfully
C:\Users\Santos\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\ProductData deleted
"C:\PROGRA~3\service.exe" deleted
"C:\PROGRA~2\Gipareedese Reports\local64spl.dll" deleted
"C:\PROGRA~2\Gipareedese Reports" not deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2017-01-19 16:03:06 3F5F2776CDFE37A06754E62A3EC7F7D3 2831046 ----a-w- C:\Windows\7f2a22a77d73d448e4e3d383c3329596.exe
====== C:\Users\Santos\AppData\Local\Temp ====
2017-01-22 12:54:56 F3FD7EC77B435C917FA5EE42A03E8D07 541188 ----a-w- C:\Users\Santos\AppData\Local\Temp\DBUpdater.exe
2017-01-22 12:03:40 2811B2ECDE178F07A715D0D5E3866AFE 210840 ----a-w- C:\Users\Santos\AppData\Local\Temp\Lambda.exe
2017-01-22 11:55:56 F2836385D67558B357D3337E72B19B03 7494040 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002534\KuaiZip_Setup_129823379_zzlm_013.exe
2017-01-22 11:55:56 E9824A2C14126FDB7627CE83F16E3A4C 51175312 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002534\Browser_V6.0.1471.813_r_4043_(Build1701181557).exe
2017-01-22 11:55:55 BFAE8CDE6902549029FA33B95983778D 5223968 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002531\MaoHaWiFiSetup_260.exe
2017-01-22 11:55:22 3202E8A5A94BFB7F1DE3146BB24A7052 373760 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002401\RandomDelJiheReg.exe
2017-01-22 11:55:21 987A5FC2E3ED22F47CCA3088F19AAA14 2072064 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002404\msiql.exe
2017-01-22 11:55:20 228248CDC85A571FA8871DB470FAF1B6 1630720 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002401\51495.top.exe
2017-01-22 11:55:19 0086A85A262967A22EE34DB85C9FFAC0 1620992 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002404\service.exe
2017-01-22 11:55:17 5FA7C75A70340FABFDAB8950CF345945 1483264 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002397\kpzip.exe
2017-01-22 11:55:15 E432F99F93D63D8EC0F64708231ED3A6 511488 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002394\hp.exe
2017-01-22 11:54:41 20C72C73E9428F864FCE977C241B9597 2315388 ----a-w- C:\Users\Santos\AppData\Local\Temp\AutoTime51495.exe
2017-01-22 11:53:21 04664D1F93114A1CD02ED99542074742 9431008 ----a-w- C:\Users\Santos\AppData\Local\Temp\wajam_install.exe
2017-01-22 11:53:20 51BCD21B0461638CB756A1E9E2040D10 17628560 ----a-w- C:\Users\Santos\AppData\Local\Temp\E11D.tmp.exe
2017-01-22 11:53:17 705DA0FBCA43A934BA47D42851759470 75264 ----a-w- C:\Users\Santos\AppData\Local\Temp\DriverBoosterSetup.exe
2017-01-22 11:53:10 35FA8E150C1F0C37ACD3CB4C5F7BF279 422320 ----a-w- C:\Users\Santos\AppData\Local\Temp\Trotux.exe
2017-01-20 12:59:44 1C055F2C1BDE552AF67FF284E61B16AB 90432 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20170114to20170119.exe
2017-01-14 13:29:18 221A5C62A108DD814E96994EC400E521 91312 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20170112to20170114.exe
2017-01-12 13:19:38 08B7E83F2BE31C02A63E1CD1E70220C5 99168 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20170106to20170112.exe
2017-01-10 12:38:57 C287AC98CB89E673041045D5E388DFC1 90568 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20161215to20170106.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
2017-01-22 11:55:05 EF558A02D734A1403583E95CCEEC2487 27552 ----a-w- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
====== C:\Windows\Sysnative =====
2017-01-22 11:59:38 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\__00000001422863AD__C0000005.dmp
====== C:\Windows\Sysnative\drivers =====
2017-01-22 11:57:22 FEE53173263B621656360F99E68DCDA5 92832 ----a-w- C:\Windows\Sysnative\drivers\KuaiZipDrive.sys
2017-01-16 10:17:08 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
2017-01-22 13:10:29 3F0537B7DCA5DFFA32675BEC24A2A217 3476 ----a-w- C:\Windows\Sysnative\Tasks\Garena+ Plugin Host Service
====== C:\Windows\Temp ======
======= C:\Program Files =====
2017-01-22 11:57:21 -------- d-----w- C:\Program Files\¿ìѹ
2017-01-01 16:54:36 -------- d-----w- C:\Program Files\HP
======= C:\PROGRA~2 =====
2017-01-22 11:53:38 -------- d-----w- C:\PROGRA~2\Gipareedese Reports
2017-01-22 11:53:36 -------- d-----w- C:\PROGRA~2\Relgregeck
2016-12-31 06:22:13 -------- d-----w- C:\PROGRA~2\Hp
2016-12-31 06:22:13 -------- d-----w- C:\PROGRA~2\Hewlett-Packard
2016-12-31 03:56:08 400556032 ----a-w- C:\PROGRA~2\GarenaPHLoL_Install_20161215.0.dat
2016-12-31 03:50:46 -------- d-----w- C:\PROGRA~2\Garena Plus
======= C: =====
====== C:\Users\Santos\AppData\Roaming ======
2017-01-22 11:59:09 -------- d-----w- C:\Users\Santos\AppData\Local\UCBrowser
2017-01-22 11:57:22 -------- d-----w- C:\Users\Santos\AppData\Roaming\KuaiZip
2017-01-22 11:55:29 -------- d-----w- C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-22 11:55:06 -------- d-----w- C:\Users\Santos\AppData\Locallow\IObit
2017-01-22 11:55:00 -------- d-----w- C:\Users\Santos\AppData\Roaming\IObit
2017-01-22 11:53:37 -------- d-----w- C:\Users\Santos\AppData\Roaming\Profiles
2017-01-22 11:53:37 -------- d-----w- C:\Users\Santos\AppData\Local\Ckirsh
2017-01-22 11:46:58 -------- d-----w- C:\Users\Santos\AppData\Roaming\WinRAR
2017-01-05 12:44:54 -------- d-----w- C:\Users\Santos\AppData\Locallow\Temp
2017-01-03 09:46:14 -------- d-----w- C:\Users\Santos\AppData\Locallow\Adobe
2017-01-02 09:06:44 -------- d-----w- C:\Users\Santos\AppData\Local\Adobe
2017-01-01 16:54:42 -------- d-----w- C:\Users\Santos\AppData\Roaming\HpUpdate
2017-01-01 16:53:51 -------- d-----w- C:\Users\Santos\AppData\Local\HP
2017-01-01 14:42:28 25F4391044F211EDED4BB541A94E56DF 132 ----a-w- C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-01 14:27:40 -------- d-----w- C:\Users\Santos\AppData\Roaming\NVIDIA
2016-12-31 06:28:44 -------- d-----w- C:\Users\Santos\AppData\Roaming\LolClient
2016-12-31 06:28:43 -------- d-----w- C:\Users\Santos\AppData\Roaming\Adobe
2016-12-31 03:51:52 -------- d-----w- C:\Users\Santos\AppData\Local\Garena
2016-12-31 03:51:18 -------- d-----w- C:\Users\Santos\AppData\Roaming\Garena
2016-12-31 03:04:25 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft
2016-12-31 02:54:03 -------- d-s---w- C:\Users\UpdatusUser\AppData\Locallow\Microsoft
2016-12-31 02:53:57 -------- d-----w- C:\Users\Santos\AppData\Roaming\GarenaPlus
====== C:\Users\Santos ======
2017-01-22 12:13:22 505448905BFE62A772A9A3DBF3954DCA 2420736 ----a-w- C:\Users\Santos\Downloads\FRST64.exe
2017-01-22 12:09:56 603BDB470FA2F1C5B6CA1BCCDF508A45 4747704 ----a-w- C:\Users\Santos\Downloads\tdsskiller.exe
2017-01-22 11:55:49 0086A85A262967A22EE34DB85C9FFAC0 1620992 ----a-w- C:\ProgramData\search
2017-01-22 11:55:11 -------- d-----w- C:\Users\Public\Thunder Network
2017-01-22 11:55:11 -------- d-----w- C:\ProgramData\Thunder Network
2017-01-22 11:55:06 -------- d-----w- C:\ProgramData\IObit
2017-01-22 11:53:42 -------- d-----w- C:\ProgramData\Avira
2017-01-22 11:53:42 -------- d-----w- C:\ProgramData\Avg
2017-01-01 16:54:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-01 16:54:37 -------- d-----w- C:\ProgramData\HP
2017-01-01 16:54:34 E03D99C4C93F2A768202607D60BB30A1 57 ----a-w- C:\ProgramData\Ament.ini
2016-12-31 03:51:18 -------- d-----w- C:\ProgramData\Garena
2016-12-31 03:50:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2016-12-31 02:53:23 -------- d-----w- C:\ProgramData\GarenaMessenger
 
====== C: exe-files ==
2017-01-22 22:03:59 B9D9F200A04AE7500F7E2188FA76D698 1569176 ----a-w- C:\Users\Santos\AppData\Roaming\KuaiZip\mininewsxktt.exe
2017-01-22 12:54:56 F3FD7EC77B435C917FA5EE42A03E8D07 541188 ----a-w- C:\Users\Santos\AppData\Local\Temp\DBUpdater.exe
2017-01-22 12:54:56 6022A0725C249E6A06C9FD9C5E813961 541184 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C07KMJW\DBUpdater[1].exe
2017-01-22 12:13:22 505448905BFE62A772A9A3DBF3954DCA 2420736 ----a-w- C:\Users\Santos\Downloads\FRST64.exe
2017-01-22 12:09:56 603BDB470FA2F1C5B6CA1BCCDF508A45 4747704 ----a-w- C:\Users\Santos\Downloads\tdsskiller.exe
2017-01-22 12:03:40 2811B2ECDE178F07A715D0D5E3866AFE 210840 ----a-w- C:\Users\Santos\AppData\Local\Temp\Lambda.exe
2017-01-22 12:03:34 62F5E9CB7EF54B4C9E5BC42783F1BE49 1214872 ----a-w- C:\Users\Santos\AppData\Roaming\KuaiZip\ktpop3.exe
2017-01-22 11:57:21 FF20A4021C1E03EDED72EEB1112CDB30 2155928 ----a-w- C:\Program Files\¿ìѹ\X86\KuaiZip.exe
2017-01-22 11:57:21 FB69E4B00E3F7880AD39E15065099B19 706968 ----a-w- C:\Program Files\¿ìѹ\X86\DiskOpt.exe
2017-01-22 11:57:21 C96B47E6433E8A0DDC87F88F398BC140 478616 ----a-w- C:\Program Files\¿ìѹ\X64\KZMount2.exe
2017-01-22 11:57:21 BC943BA6A2C19F312624C29A8A0E6D86 957336 ----a-w- C:\Program Files\¿ìѹ\X86\KZReport.exe
2017-01-22 11:57:21 BADA1B657CCBD55FF557C1E05CB29761 796568 ----a-w- C:\Program Files\¿ìѹ\X86\KZTui.exe
2017-01-22 11:57:21 70A8F75DA0916EE2E24A4A3F32069A26 300952 ----a-w- C:\Program Files\¿ìѹ\X86\SetupHelper.exe
2017-01-22 11:57:21 5827B339B6BDA1B0E3A1A525102E2371 1738648 ----a-w- C:\Program Files\¿ìѹ\X86\Uninst.exe
2017-01-22 11:57:21 38C4210EAD0236CAB8EB9A16E01B1FC5 925592 ----a-w- C:\Program Files\¿ìѹ\X86\Update.exe
2017-01-22 11:57:21 25915622E9F4EF9F338B4E6C92752BE1 579992 ----a-w- C:\Program Files\¿ìѹ\X86\UpdateChecker.exe
2017-01-22 11:57:21 0537AB91A6B652A217FFF0109B72DC4B 273304 ----a-w- C:\Program Files\¿ìѹ\X64\SetupHelper.exe
2017-01-22 11:55:56 F2836385D67558B357D3337E72B19B03 7494040 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002534\KuaiZip_Setup_129823379_zzlm_013.exe
2017-01-22 11:55:56 E9824A2C14126FDB7627CE83F16E3A4C 51175312 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002534\Browser_V6.0.1471.813_r_4043_(Build1701181557).exe
2017-01-22 11:55:55 BFAE8CDE6902549029FA33B95983778D 5223968 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002531\MaoHaWiFiSetup_260.exe
2017-01-22 11:55:22 3202E8A5A94BFB7F1DE3146BB24A7052 373760 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002401\RandomDelJiheReg.exe
2017-01-22 11:55:21 987A5FC2E3ED22F47CCA3088F19AAA14 2072064 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002404\msiql.exe
2017-01-22 11:55:20 228248CDC85A571FA8871DB470FAF1B6 1630720 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002401\51495.top.exe
2017-01-22 11:55:19 0086A85A262967A22EE34DB85C9FFAC0 1620992 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002404\service.exe
2017-01-22 11:55:17 5FA7C75A70340FABFDAB8950CF345945 1483264 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002397\kpzip.exe
2017-01-22 11:55:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAR8YS0Z\msiql[1].exe
2017-01-22 11:55:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FRA26OQ\service[1].exe
2017-01-22 11:55:15 E432F99F93D63D8EC0F64708231ED3A6 511488 ----a-w- C:\Users\Santos\AppData\Local\Temp\00002394\hp.exe
2017-01-22 11:55:15 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAR8YS0Z\51495.top[1].exe
2017-01-22 11:55:15 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FRA26OQ\RandomDelJiheReg[1].exe
2017-01-22 11:55:14 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FRA26OQ\kpzip[1].exe
2017-01-22 11:55:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FRA26OQ\hp[1].exe
2017-01-22 11:54:55 C355703006B93AF4DF46331470273D33 73216 ----a-w- C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe
2017-01-22 11:54:55 C355703006B93AF4DF46331470273D33 73216 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C07KMJW\Manager[1].exe
2017-01-22 11:54:41 20C72C73E9428F864FCE977C241B9597 2315388 ----a-w- C:\Users\Santos\AppData\Local\Temp\AutoTime51495.exe
2017-01-22 11:53:36 EFFE44E3B9EA798376535A82F51596D9 1016592 ----a-w- C:\Program Files (x86)\Relgregeck\prerjght.exe
2017-01-22 11:53:21 04664D1F93114A1CD02ED99542074742 9431008 ----a-w- C:\Users\Santos\AppData\Local\Temp\wajam_install.exe
2017-01-22 11:53:20 51BCD21B0461638CB756A1E9E2040D10 17628560 ----a-w- C:\Users\Santos\AppData\Local\Temp\E11D.tmp.exe
2017-01-22 11:53:20 51BCD21B0461638CB756A1E9E2040D10 17628560 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C07KMJW\driver_booster_setup[1].exe
2017-01-22 11:53:17 705DA0FBCA43A934BA47D42851759470 75264 ----a-w- C:\Users\Santos\AppData\Local\Temp\DriverBoosterSetup.exe
2017-01-22 11:53:10 35FA8E150C1F0C37ACD3CB4C5F7BF279 422320 ----a-w- C:\Users\Santos\AppData\Local\Temp\Trotux.exe
2017-01-20 12:59:44 1C055F2C1BDE552AF67FF284E61B16AB 90432 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20170114to20170119.exe
2017-01-19 16:03:06 3F5F2776CDFE37A06754E62A3EC7F7D3 2831046 ----a-w- C:\Windows\7f2a22a77d73d448e4e3d383c3329596.exe
2017-01-17 12:55:33 7B847417ECAD6CFBEA38428D09D8C69B 1385312 ----a-w- C:\ProgramData\GarenaMessenger\update\12683\bbtalk\BBTalk.exe
2017-01-17 12:54:58 CA52BC33431AF6A26AC255BA84BF866C 223254 ----a-w- C:\ProgramData\GarenaMessenger\update\12683\gtv\CrashReporter.exe
2017-01-17 12:54:57 AF31740E19AD5F17924033015A78F3E6 61721 ----a-w- C:\ProgramData\GarenaMessenger\update\12683\gtv\GarenaTV.exe
=== C: other files ==
2017-01-22 22:04:04 18D89132F82D1AB004A4D0A5ED14DA1A 20083 ----a-w- C:\Users\Santos\AppData\Roaming\KuaiZip\mininewsxktt.zip
2017-01-22 12:03:40 7660A8D72CA9625C085A28441C5D66F4 6708 ----a-w- C:\Users\Santos\AppData\Roaming\KuaiZip\tpop3.zip
2017-01-22 11:58:20 90B7FE35371285CEE5AD286DA9767542 109 ----a-w- C:\Users\Santos\AppData\Local\Temp\schtasks_42757.832181412.bat
2017-01-22 11:57:22 FEE53173263B621656360F99E68DCDA5 92832 ----a-w- C:\Windows\System32\drivers\KuaiZipDrive.sys
2017-01-22 11:57:21 FEE53173263B621656360F99E68DCDA5 92832 ----a-w- C:\Program Files\¿ìѹ\X64\KuaiZipDrive.sys
2017-01-22 11:55:05 EF558A02D734A1403583E95CCEEC2487 27552 ----a-w- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
2017-01-22 11:52:40 06DD86A00D7323C5262FFFAC348D4D0E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4063383439-142346386-2490566706-1000\$IHZDGG6.zip
2017-01-22 11:52:38 F93156CE52D56492651F616584782B3A 2333656 ----a-w- C:\Users\Santos\Downloads\IDM_6_27_Build_2\IDM_6_27_Build_2.zip
2017-01-22 11:50:12 B765705A89957BAE8C1B45948ABDD43F 2332713 ----a-w- C:\$Recycle.Bin\S-1-5-21-4063383439-142346386-2490566706-1000\$RHZDGG6.zip
2017-01-22 11:45:54 11147E6E932849AB3E092E1000726EF5 70342176 ----a-w- C:\Users\Santos\Downloads\?Voltron? Shiro.zip
 
==== Chromium Look ======================
 
 
 
==== Chromium Startpages ======================
 
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://linkzb.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://linkzb.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Santos\AppData\Local\UCBrowser\User Data\Default\Preferences was reset successfully
C:\Users\Santos\AppData\Local\UCBrowser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Santos\AppData\Local\UCBrowser\User Data\Default\Web Data.65 was reset successfully
C:\Users\Santos\AppData\Local\UCBrowser\User Data\Default\Web Data.65-journal was reset successfully
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Santos\Desktop\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe 
C:\Users\Santos\Desktop\Garena+.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe 
C:\Users\Santos\Desktop\Google Chrome.lnk - C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://fanli90.cn/
C:\Users\Santos\Desktop\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe 
C:\Users\Santos\Desktop\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe 
C:\Users\Santos\Desktop\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\HP Deskjet Ink Adv 2060 K110 Scan.lnk - C:\Program Files (x86)\Hp\HP Deskjet Ink Adv 2060 K110\bin\HPScan.exe 
C:\Users\Public\Desktop\HP Deskjet Ink Adv 2060 K110.lnk - C:\Program Files (x86)\HP\HP Deskjet Ink Adv 2060 K110\Bin\HP Deskjet Ink Adv 2060 K110.exe -Start UDCDevicePage
C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet Ink Adv 2060 K110.lnk - C:\Program Files (x86)\HP\HP Deskjet Ink Adv 2060 K110\Bin\hpqDTSS.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk -  
C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://fanli90.cn/
C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://fanli90.cn/
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\Garena+.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\Garena+\Garena+.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\League of Legends\Start LoL.lnk - D:\Program Files (x86)\LoLPHLauncher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\Hp\HP Software Update\hpwucli.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\Help.lnk - C:\Program Files (x86)\Hp\HP Deskjet Ink Adv 2060 K110\bin\HelpViewer\hpqlpvwr.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\HP Deskjet Ink Adv 2060 K110.lnk - C:\Program Files (x86)\HP\HP Deskjet Ink Adv 2060 K110\Bin\HP Deskjet Ink Adv 2060 K110.exe -Start UDCDevicePage
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\HP Scan.lnk - C:\Program Files (x86)\Hp\HP Deskjet Ink Adv 2060 K110\bin\HPScan.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\Printer Setup & Software.lnk - C:\Program Files (x86)\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetupLauncher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\Product Support Website.lnk - C:\Program Files (x86)\HP\HP Deskjet Ink Adv 2060 K110\ProductSupportShortcut.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\Shop for Supplies.lnk - C:\Program Files (x86)\HP\HP Deskjet Ink Adv 2060 K110\Bin\hpqDTSS.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet Ink Adv 2060 K110\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /qb /x {8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://fanli90.cn/
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://fanli90.cn/
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC???.lnk -  
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://fanli90.cn/
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
 
==== shortcuts After Repair ======================
 
C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
 
==== Uninstall List x64 ======================
 
Adobe Flash Player 24 PPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI]
Adobe Reader XI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
CCleaner  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Garena - League of Legends [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LoLPH]
Garena+  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\im]
Google Chrome [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
HP Deskjet Ink Adv 2060 K110 Basic Device Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}]
HP Deskjet Ink Adv 2060 K110 Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{261A4762-744B-4C71-81D2-57FA5038DC7B}]
HP Support Solutions Framework [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC3C2B77-6800-48C6-A15D-9D1031130C16}]
HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}]
Intel® Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Microsoft .NET Framework 4.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}]
Microsoft .NET Framework 4.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUS]
NVIDIA Control Panel 314.07 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel]
NVIDIA Graphics Driver 314.07 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
NVIDIA Update 1.12.12 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update]
NVIDIA Update Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update]
WinRAR 5.40 beta 4 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Santos\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Santos\AppData\Local\UCBrowser\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=6 folders=2 1911059 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Santos\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Santos\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\PROGRA~2\Gipareedese Reports"  not found
 
==== EOF on Mon 01/23/2017 at  6:15:26.01 ======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Santos (administrator) on SANTOS-PC (23-01-2017 06:18:29)
Running from C:\Users\Santos\Desktop
Loaded Profiles: Santos & UpdatusUser (Available Profiles: Santos & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Windows\KMS-R@1n.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Providers\o0asda6a: C:\Program Files (x86)\Gipareedese Reports\local64spl.dll
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)
ShellExecuteHooks: No Name - {036CBE24-DE3B-11E6-95A0-64006A5CFC23} - C:\Users\Santos\AppData\Roaming\Vvuckchvosh\Jujutshnile.dll -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-01-22] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{076AB01B-369C-4BC8-8562-02966D169345}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://linkzb.com
SearchScopes: HKU\S-1-5-21-4063383439-142346386-2490566706-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-12-27] ( Garena)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HewlettPackardHewlettPackard; C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll [225792 2017-01-22] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2009-01-01] () [File not signed]
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219032 2017-01-22] ()
R2 Uktain; C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll [136192 2017-01-22] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-22] (REALiX™)
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-01-22] (WinMount International Inc)
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-23 06:18 - 2017-01-23 06:18 - 00008283 _____ C:\Users\Santos\Desktop\FRST.txt
2017-01-23 06:17 - 2017-01-23 06:17 - 00031817 _____ C:\Users\Santos\Desktop\zoek-results.txt
2017-01-23 06:14 - 2017-01-23 06:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-23 06:02 - 2017-01-23 06:12 - 00000000 ____D C:\zoek_backup
2017-01-23 06:02 - 2017-01-23 06:02 - 01309184 _____ C:\Users\Santos\Desktop\zoek.exe
2017-01-23 06:02 - 2017-01-23 06:02 - 00000787 _____ C:\Users\Santos\Desktop\checkup.txt
2017-01-23 06:00 - 2017-01-23 06:00 - 00852798 _____ C:\Users\Santos\Desktop\SecurityCheck.exe
2017-01-22 21:10 - 2017-01-23 06:15 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-01-22 20:20 - 2017-01-22 20:20 - 00001401 _____ C:\Users\Santos\Downloads\Fixlog.txt
2017-01-22 20:20 - 2017-01-22 20:20 - 00000604 _____ C:\Users\Santos\Downloads\fixlist.txt
2017-01-22 20:14 - 2017-01-22 20:14 - 00037279 _____ C:\Users\Santos\Downloads\Addition.txt
2017-01-22 20:13 - 2017-01-22 20:20 - 00000000 ____D C:\FRST
2017-01-22 20:13 - 2017-01-22 20:14 - 00031961 _____ C:\Users\Santos\Downloads\FRST.txt
2017-01-22 20:13 - 2017-01-22 20:13 - 02420736 _____ (Farbar) C:\Users\Santos\Desktop\FRST64.exe
2017-01-22 20:10 - 2017-01-22 20:11 - 00187420 _____ C:\TDSSKiller.3.1.0.12_22.01.2017_20.10.48_log.txt
2017-01-22 20:09 - 2017-01-22 20:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Santos\Downloads\tdsskiller.exe
2017-01-22 19:59 - 2017-01-22 19:59 - 00000000 ____D C:\Users\Santos\AppData\Local\UCBrowser
2017-01-22 19:59 - 2017-01-22 19:59 - 00000000 _____ C:\Windows\system32\__00000001422863AD__C0000005.dmp
2017-01-22 19:57 - 2017-01-23 06:04 - 00000000 ____D C:\Users\Santos\AppData\Roaming\KuaiZip
2017-01-22 19:57 - 2017-01-22 19:57 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-01-22 19:57 - 2017-01-22 19:57 - 00000840 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
2017-01-22 19:57 - 2017-01-22 19:57 - 00000000 ____D C:\Program Files\¿ìѹ
2017-01-22 19:55 - 2017-01-22 19:57 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\IObit
2017-01-22 19:55 - 2017-01-22 19:55 - 01620992 _____ C:\ProgramData\search
2017-01-22 19:55 - 2017-01-22 19:55 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Windows\IObit
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Users\Santos\AppData\Roaming\IObit
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Users\Public\Thunder Network
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\ProgramData\Thunder Network
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\ProgramData\IObit
2017-01-22 19:54 - 2017-01-22 19:59 - 00000000 ____D C:\Windows\system32\SSL
2017-01-22 19:53 - 2017-01-22 22:42 - 00000000 ____D C:\Program Files (x86)\Relgregeck
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\Users\Santos\AppData\Local\Ckirsh
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\ProgramData\Avira
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\ProgramData\Avg
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-22 19:52 - 2017-01-22 20:55 - 00000000 ____D C:\Users\Santos\Downloads\IDM_6_27_Build_2
2017-01-22 19:46 - 2017-01-22 19:53 - 123642709 _____ C:\Users\Santos\Downloads\Unconfirmed 238911.crdownload
2017-01-22 19:46 - 2017-01-22 19:46 - 00000000 ____D C:\Users\Santos\AppData\Roaming\WinRAR
2017-01-22 19:45 - 2017-01-22 19:45 - 70342176 _____ C:\Users\Santos\Downloads\【Voltron】 Shiro.zip
2017-01-20 00:03 - 2017-01-20 00:03 - 02831046 _____ C:\Windows\7f2a22a77d73d448e4e3d383c3329596.exe
2017-01-16 18:17 - 2017-01-16 18:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-01-16 17:31 - 2017-01-16 17:31 - 00064000 _____ C:\Users\Santos\Desktop\PHIL-IRI-FIL-G2-CAMIA (1).xls
2017-01-08 14:22 - 2017-01-08 14:22 - 00106274 _____ C:\Users\Santos\Downloads\FORM_5A_2016-90959_Second Semester AY 2016-2017.pdf
2017-01-07 16:06 - 2017-01-07 16:06 - 03108408 _____ C:\Users\Santos\Desktop\GRADE-2_3RD-QUARTER.xlsx classr ecord.xlsx
2017-01-05 20:44 - 2017-01-05 20:44 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\Temp
2017-01-03 17:46 - 2017-01-03 17:46 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\Adobe
2017-01-02 17:40 - 2017-01-19 19:35 - 03117240 _____ C:\Users\Santos\Desktop\GRADE-2_3RD-QUARTER.xlsx
2017-01-02 17:39 - 2017-01-16 18:08 - 03129283 _____ C:\Users\Santos\Desktop\GRADE-2_2ND-QUARTER. Sampaguita.xlsx
2017-01-02 17:39 - 2017-01-02 17:39 - 00000000 ____D C:\Users\Santos\Documents\Custom Office Templates
2017-01-02 17:08 - 2017-01-02 17:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-02 17:08 - 2017-01-02 17:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-02 17:07 - 2017-01-02 17:07 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-02 17:06 - 2017-01-03 17:46 - 00000000 ____D C:\Users\Santos\AppData\Local\Adobe
2017-01-02 00:54 - 2017-01-10 20:27 - 00000000 ____D C:\Users\Santos\AppData\Roaming\HpUpdate
2017-01-02 00:54 - 2017-01-02 00:54 - 00002287 _____ C:\Users\Public\Desktop\HP Deskjet Ink Adv 2060 K110.lnk
2017-01-02 00:54 - 2017-01-02 00:54 - 00001241 _____ C:\Users\Public\Desktop\HP Deskjet Ink Adv 2060 K110 Scan.lnk
2017-01-02 00:54 - 2017-01-02 00:54 - 00001204 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet Ink Adv 2060 K110.lnk
2017-01-02 00:54 - 2017-01-02 00:54 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-02 00:54 - 2017-01-02 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-02 00:54 - 2017-01-02 00:54 - 00000000 ____D C:\ProgramData\HP
2017-01-02 00:54 - 2017-01-02 00:54 - 00000000 ____D C:\Program Files\HP
2017-01-02 00:53 - 2017-01-02 00:55 - 00000000 ____D C:\Users\Santos\AppData\Local\HP
2017-01-02 00:49 - 2017-01-02 00:52 - 48952944 _____ C:\Users\Santos\Downloads\DJ2060_K110_1313-1.exe
2017-01-01 22:42 - 2017-01-10 21:42 - 00000132 _____ C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-01 22:38 - 2017-01-01 22:46 - 11411641 _____ C:\Users\Santos\Desktop\_DSC0270.psd
2017-01-01 22:38 - 2017-01-01 22:42 - 03112104 _____ C:\Users\Santos\Desktop\Untitled-1.psd
2017-01-01 22:27 - 2017-01-01 22:27 - 00000000 ____D C:\Users\Santos\AppData\Roaming\NVIDIA
2017-01-01 22:24 - 2017-01-22 10:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-01 22:24 - 2017-01-01 22:24 - 00000000 ____D C:\Windows\XSxS
2017-01-01 22:07 - 2017-01-01 22:20 - 97271343 _____ (PortableAppZ.blogspot.com) C:\Users\Santos\Downloads\Photoshop.Portable.CS6.13.0.Multilingual.exe
2016-12-31 14:29 - 2016-12-31 14:29 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Macromedia
2016-12-31 14:28 - 2017-01-22 19:54 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Adobe
2016-12-31 14:28 - 2016-12-31 14:28 - 00000000 ____D C:\Users\Santos\AppData\Roaming\LolClient
2016-12-31 14:22 - 2017-01-22 20:12 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-31 14:22 - 2017-01-02 00:54 - 00000000 ____D C:\Program Files (x86)\Hp
2016-12-31 11:56 - 2016-12-31 14:17 - 400556032 _____ C:\Program Files (x86)\GarenaPHLoL_Install_20161215.0.dat
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Garena
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\Users\Santos\AppData\Local\Garena
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\ProgramData\Garena
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\GarenaDownload
2016-12-31 11:50 - 2017-01-20 20:57 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-12-31 11:50 - 2016-12-31 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2016-12-31 11:50 - 2016-12-31 11:50 - 00001066 _____ C:\Users\Santos\Desktop\Garena+.lnk
2016-12-31 11:45 - 2016-12-31 11:50 - 95161176 _____ C:\Users\Santos\Downloads\Garena+_Install.exe
2016-12-31 10:54 - 2016-12-31 10:54 - 00000000 ___SD C:\Users\UpdatusUser\AppData\LocalLow\Microsoft
2016-12-31 10:53 - 2017-01-22 17:52 - 00000000 ____D C:\Users\Santos\AppData\Roaming\GarenaPlus
2016-12-31 10:53 - 2017-01-22 17:52 - 00000000 ____D C:\ProgramData\GarenaMessenger
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-23 06:15 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-23 06:13 - 2009-01-01 17:00 - 00001885 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-23 06:13 - 2009-01-01 17:00 - 00001885 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-23 06:05 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-23 06:05 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-23 06:03 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-23 06:03 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-01-22 22:10 - 2009-01-01 17:07 - 00002623 _____ C:\Users\Santos\Desktop\Google Chrome.lnk
2017-01-22 19:53 - 2009-01-01 17:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-10 20:24 - 2009-01-01 17:06 - 00000000 ____D C:\Users\UpdatusUser
2017-01-01 22:51 - 2009-01-01 17:07 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-01 14:31 - 2009-07-14 12:45 - 00446704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-31 21:56 - 2009-01-01 17:16 - 00112648 _____ C:\Users\Santos\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-31 20:48 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\wdi
2016-12-31 19:14 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\winsxs
2016-12-31 19:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-12-31 18:59 - 2011-07-04 03:11 - 00000000 ____D C:\Windows\nl-NL
2016-12-31 18:59 - 2011-04-12 16:28 - 00000000 ____D C:\Windows\ehome
2016-12-31 18:59 - 2011-04-12 16:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\Drivers\UMDF
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\winrm
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\WCN
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\slmgr
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Media Player
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Media Player
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\wbem
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\nl-NL
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\migration
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\DriverStore
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\wbem
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Setup
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\oobe
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\nl-NL
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\MUI
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\migration
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Dism
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\com
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\servicing
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows Mail
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Windows Mail
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-31 18:58 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Logs
2016-12-31 14:22 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-31 14:22 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\assembly
2016-12-31 11:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-31 10:54 - 2009-01-01 17:06 - 00000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2016-12-31 10:53 - 2009-01-01 17:06 - 00000000 ___SD C:\Users\UpdatusUser\AppData\Roaming\Microsoft
 
==================== Files in the root of some directories =======
 
2016-12-31 11:56 - 2016-12-31 14:17 - 400556032 _____ () C:\Program Files (x86)\GarenaPHLoL_Install_20161215.0.dat
2017-01-01 22:42 - 2017-01-10 21:42 - 0000132 _____ () C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-02 00:54 - 2017-01-02 00:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-22 19:55 - 2017-01-22 19:55 - 1620992 _____ () C:\ProgramData\search
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-14 21:20
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Santos (23-01-2017 06:18:56)
Running from C:\Users\Santos\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-01-01 09:00:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4063383439-142346386-2490566706-500 - Administrator - Disabled)
Guest (S-1-5-21-4063383439-142346386-2490566706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063383439-142346386-2490566706-1003 - Limited - Enabled)
Santos (S-1-5-21-4063383439-142346386-2490566706-1000 - Administrator - Enabled) => C:\Users\Santos
UpdatusUser (S-1-5-21-4063383439-142346386-2490566706-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3006 - Intel Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3CFE4941-6880-4901-94F1-137289B32328} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {A86062D9-534A-48F5-878E-B37137AE1744} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {B3EE5DA0-25F3-46F6-85EF-C37EA45CEBC7} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe [2017-01-22] ()
Task: {C5A20AD8-E2AA-4192-960C-220C6D96B605} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E54DED42-B493-433A-9371-8A2E5532C488} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-12-27] ()
Task: {F2448782-ED59-42F5-8EB9-817189DD525F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
 
ShortcutWithArgument: C:\Users\Santos\Desktop\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-01-01 17:06 - 2013-02-10 09:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00175096 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2013-02-22 17:59 - 2013-02-22 17:59 - 06523456 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-01-22 19:57 - 2017-01-22 19:57 - 00524696 _____ () C:\Program Files\¿ìѹ\X64\KZipShell.dll
2009-01-01 17:16 - 2009-01-01 17:16 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2016-12-27 19:06 - 2016-12-27 19:06 - 03436536 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2017-01-22 19:57 - 2017-01-22 19:57 - 00219032 _____ () c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll
2017-01-22 19:53 - 2017-01-22 19:53 - 00136192 _____ () c:\program files (x86)\relgregeck\vohekzektaincnf.dll
2017-01-22 20:12 - 2017-01-22 20:12 - 00225792 ____H () C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll
2009-01-01 17:07 - 2013-12-04 10:47 - 00702416 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2009-01-01 17:07 - 2013-12-04 10:47 - 00099792 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2009-01-01 17:07 - 2013-12-04 10:48 - 04055504 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2009-01-01 17:07 - 2013-12-04 10:48 - 00399312 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2009-01-01 17:07 - 2013-12-04 10:47 - 01619408 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3F00DE79-D4E3-4400-8A8F-EE0D647E8D22}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{287BE859-68C8-43AC-9E02-C7C15802C1E5}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{049089B8-0DD8-4440-9B3B-9CD4A180FD10}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0C094980-767D-42E1-B842-2B084C007D40}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7E4AEF9-54A2-407E-ADDB-50FAF544D24B}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8F5860F0-E236-4725-A017-8C4C3C5E7DCF}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A18EA362-DF9C-4E14-9519-1C263168880A}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{39D47612-A852-44F8-805B-9CAF1D3387B3}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{833F98E7-73F2-4E5F-8DBA-6338F42B8B35}] => D:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{E16A26B9-86BE-4DD5-BBFB-F29A50E115E6}] => LPort=8370
FirewallRules: [{6344B179-4CB3-4039-A9B2-352ED2717091}] => LPort=8370
FirewallRules: [{055A9FB5-A096-4A39-998E-377701810704}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7ABD38CF-E83D-4413-B5B2-5DC12C9D8BFD}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{B6BE08F9-E767-492B-A01C-5D36ED37752A}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{9355E314-BE2F-4C8A-810F-F41108B5DAE5}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{E5A516A0-2534-4C47-A461-D0AC044B3875}] => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{568165E8-30AD-4A3C-8279-06DFBD4E7A69}] => LPort=6971
FirewallRules: [{44D4F5BA-D38C-4EB2-BC7D-B55C894467BE}] => LPort=6971
FirewallRules: [{381E4749-7101-461E-9CE6-36483DD51033}] => LPort=6951
FirewallRules: [{C1A2D4C4-BEBF-4AC6-9E35-AF7C37A8FD8D}] => LPort=6951
FirewallRules: [{F336FAF8-F830-4920-ABEB-4BD5FF166595}] => LPort=6940
FirewallRules: [{B3EEF2F0-BA19-4754-B308-D9EE0255F9C1}] => LPort=6940
FirewallRules: [{AE855DE7-B878-49B8-BFA9-55C39F8D9FAC}] => C:\Users\Santos\AppData\Local\Temp\is-2DK4K.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{8060545D-A20B-4381-9BC3-13FC07FA4564}] => C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
 
==================== Restore Points =========================
 
21-01-2017 12:46:42 Scheduled Checkpoint
23-01-2017 06:03:36 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
Name: ucdrv
Description: ucdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ucdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2017 06:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/23/2017 06:00:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/22/2017 10:44:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/22/2017 08:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 22.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: de8
 
Start Time: 01d274a9d95603fa
 
Termination Time: 59
 
Application Path: C:\Users\Santos\Downloads\FRST64.exe
 
Report Id:
 
Error: (01/22/2017 07:57:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/22/2017 07:56:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AutoTime51495.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: db8
 
Start Time: 01d274a6586aa57c
 
Termination Time: 2
 
Application Path: C:\Users\Santos\AppData\Local\Temp\is-14VC9.tmp\AutoTime51495.tmp
 
Report Id:
 
Error: (01/22/2017 07:54:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/22/2017 07:53:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/22/2017 07:53:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/22/2017 07:53:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (01/23/2017 06:15:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ucdrv
 
Error: (01/23/2017 06:15:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoogleChromeUpService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/23/2017 06:12:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2017 06:12:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2017 06:12:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2017 06:12:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2017 06:12:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2017 06:11:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HewlettPackardHewlettPackard service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 05:58:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ucdrv
 
Error: (01/22/2017 10:42:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ucdrv
 
 
CodeIntegrity:
===================================
  Date: 2017-01-23 06:15:31.112
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 06:15:31.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 05:58:35.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 05:58:35.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 22:42:47.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 22:42:47.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 21:10:30.027
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 21:10:30.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 17:49:18.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 17:49:18.006
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 16%
Total physical RAM: 8143.78 MB
Available physical RAM: 6760.09 MB
Total Virtual: 16285.75 MB
Available Virtual: 14759.78 MB
 
==================== Drives ================================
 
Drive c: (O,S) (Fixed) (Total:49.92 GB) (Free:19.4 GB) NTFS
Drive d: (Files) (Fixed) (Total:415.74 GB) (Free:57.61 GB) NTFS
Drive e: (Backup) (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D063F16)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Jo*

  • Malware Response Team

Posted 22 January 2017 - 06:13 PM

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 flamingporu

  • Topic Starter
  • Members

Posted 23 January 2017 - 05:52 AM

Hello, 
 
The apps are still there and the browser hasn't changed... Please see the logs below...
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Santos (Administrator) on Mon 01/23/2017 at 18:46:46.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F7ODJR1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\161L9YFI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44IH0MAL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JAT1ONS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QD8926B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZIC2EQI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLUOHHYB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLURZ6JZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F7ODJR1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\161L9YFI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44IH0MAL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JAT1ONS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QD8926B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZIC2EQI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLUOHHYB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLURZ6JZ (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\GoogleChromeUpService (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/23/2017 at 18:47:57.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 Jo*

  • Malware Response Team

Posted 23 January 2017 - 06:24 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
Start
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {036CBE24-DE3B-11E6-95A0-64006A5CFC23} - C:\Users\Santos\AppData\Roaming\Vvuckchvosh\Jujutshnile.dll -> No File
SearchScopes: HKU\S-1-5-21-4063383439-142346386-2490566706-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br [X] <==== ATTENTION
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
S3 gkernel; C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Santos\Desktop\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
FirewallRules: [{AE855DE7-B878-49B8-BFA9-55C39F8D9FAC}] => C:\Users\Santos\AppData\Local\Temp\is-2DK4K.tmp\download\MiniThunderPlatform.exe
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator, like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Cheers,
Jo

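The Addition.txt log in post #3 and the fixlist in post #6 together show the persistence set this bundle used: a WMI ActiveScriptEventConsumer (the WMI_ActiveScriptEventConsumer_ASEC entry, and the WinMgmt EventID 10 errors quoting a Win32_Processor LoadPercentage filter), Chrome shortcuts rewritten with --load-extension plus a start URL, a service running C:\ProgramData\service.exe, a driver loaded from Temp (gkernel.sys), a driver stored in an NTFS alternate data stream (UCBrowser\Security:ucdrv-x64.sys), a scheduled task running Manager.exe out of AppData\Roaming, and a firewall allow rule for a binary under Temp. The log also records that UAC is off (EnableLUA: 0), Windows Firewall is disabled and wuauserv is disabled via MSCONFIG, none of which the fixlist touches. The script below is an added example written for this thread; it is not part of FRST, JRT or Jo's fixlist. It re-checks those persistence classes live on the host so you can confirm a fix took and spot what it left behind. Assumptions: it runs in an elevated PowerShell on Windows 7 or later (PowerShell 2.0 syntax), schtasks prints English column names, and the $suspiciousRoots pattern is a heuristic chosen for this particular infection rather than a general rule.

```powershell
# Added triage script for the persistence classes seen in this thread (example code, not FRST's own).
# Assumptions: elevated PowerShell, Windows 7+ (PS 2.0 syntax), English-locale schtasks output.
# $suspiciousRoots is a heuristic for where this bundle dropped files, not a general-purpose rule.
$suspiciousRoots = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function Get-WmiPersistence {
    # A consumer bound to a filter fires from the WMI repository with no file on disk and survives reboots.
    $ns = 'root\subscription'
    $filters   = @(Get-WmiObject -Namespace $ns -Class __EventFilter)
    $consumers = @(Get-WmiObject -Namespace $ns -Class ActiveScriptEventConsumer) +
                 @(Get-WmiObject -Namespace $ns -Class CommandLineEventConsumer)
    foreach ($b in @(Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding)) {
        # Filter/Consumer hold object paths such as __EventFilter.Name="x"; pull the names out.
        $fName = if ($b.Filter   -match 'Name="([^"]+)"') { $matches[1] } else { $b.Filter }
        $cName = if ($b.Consumer -match 'Name="([^"]+)"') { $matches[1] } else { $b.Consumer }
        $f = $filters   | Where-Object { $_.Name -eq $fName }
        $c = $consumers | Where-Object { $_.Name -eq $cName }
        $payload = if ($c.ScriptText) { $c.ScriptText } else { $c.CommandLineTemplate }
        New-Object PSObject -Property @{ Filter = $fName; Query = $f.Query; Consumer = $cName; Payload = $payload }
    }
}

function Get-HijackedShortcuts {
    # The Chrome .lnk files in the log carried --load-extension="<dir>" plus a homepage URL as arguments.
    $shell = New-Object -ComObject WScript.Shell
    $dirs = @(
        "$env:USERPROFILE\Desktop",
        "$env:PUBLIC\Desktop",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
    )
    Get-ChildItem -Path $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match '--load-extension|https?://') {
            New-Object PSObject -Property @{ Shortcut = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
        }
    }
}

function Get-SuspiciousServices {
    # Reads ImagePath from the registry so services and kernel drivers are covered alike.
    Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
        $img = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { return }
        $reason = $null
        if ($img -match $suspiciousRoots) { $reason = 'binary in user-writable folder' }
        # "...\UCBrowser\Security:ucdrv-x64.sys": a colon inside the last path component names an
        # NTFS alternate data stream, which dir and Explorer do not show. Heuristic, file-like stream names only.
        if ($img -match '\\[^\\:\s"]+:[^\\\s"]+\.(sys|exe|dll)\b') { $reason = 'alternate data stream' }
        if ($reason) {
            New-Object PSObject -Property @{ Service = $_.PSChildName; ImagePath = $img; Reason = $reason }
        }
    }
}

function Get-SuspiciousTasks {
    # Manager.exe under AppData\Roaming\Adobe ran from a task filed under Microsoft\Windows\Multimedia.
    # schtasks /v repeats its header per folder; those rows come back with TaskName = 'TaskName' and are dropped.
    schtasks /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match $suspiciousRoots } |
        Select-Object TaskName, 'Task To Run'
}

function Get-HostPostureIssues {
    $issues = @()
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($pol.EnableLUA -eq 0) { $issues += 'UAC disabled (EnableLUA=0): every process of an admin user runs elevated' }
    if ($pol.ConsentPromptBehaviorAdmin -eq 0) { $issues += 'ConsentPromptBehaviorAdmin=0: elevation without any prompt' }
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    foreach ($p in $profiles.GetEnumerator()) {
        if (-not $fw.FirewallEnabled($p.Key)) { $issues += "Windows Firewall off for the $($p.Value) profile" }
    }
    # The log carried allow-rules for binaries under Temp (MiniThunderPlatform.exe) and ProgramData.
    $fw.Rules | Where-Object { $_.Enabled -and $_.ApplicationName -match $suspiciousRoots } |
        ForEach-Object { $issues += "firewall rule '$($_.Name)' allows $($_.ApplicationName)" }
    # MSCONFIG "disables" a service by setting Start=4 and recording the old value (2) under its own key.
    if ((Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv).Start -eq 4) {
        $issues += 'Windows Update service (wuauserv) disabled'
    }
    $issues
}

'== WMI event subscriptions ==';  Get-WmiPersistence     | Format-List
'== Shortcut arguments ==';       Get-HijackedShortcuts  | Format-List
'== Services / drivers ==';       Get-SuspiciousServices | Format-Table -AutoSize
'== Scheduled tasks ==';          Get-SuspiciousTasks    | Format-Table -AutoSize
'== Host posture ==';             Get-HostPostureIssues
```

After a fix like the one in post #6, the first four sections should come back empty; anything still listed is either a leftover or a launch point the fixlist did not cover (for example the Multimedia\Manager task, which is in the log but not in the fixlist). The posture section is deliberately separate: re-enabling UAC, the firewall and Windows Update is configuration work, not malware removal, and a cleanup that skips it leaves the machine in the state that let the bundle install silently in the first place.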

#7 flamingporu

  • Topic Starter
  • Members

Posted 23 January 2017 - 06:48 AM

Hello, my browser is working fine again. But there are still some apps..

Please see the fixlog below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Santos (23-01-2017 19:45:04) Run:2
Running from C:\Users\Santos\Desktop
Loaded Profiles: Santos & UpdatusUser (Available Profiles: Santos & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {036CBE24-DE3B-11E6-95A0-64006A5CFC23} - C:\Users\Santos\AppData\Roaming\Vvuckchvosh\Jujutshnile.dll -> No File
SearchScopes: HKU\S-1-5-21-4063383439-142346386-2490566706-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br [X] <==== ATTENTION
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
S3 gkernel; C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Santos\Desktop\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
FirewallRules: [{AE855DE7-B878-49B8-BFA9-55C39F8D9FAC}] => C:\Users\Santos\AppData\Local\Temp\is-2DK4K.tmp\download\MiniThunderPlatform.exe
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{036CBE24-DE3B-11E6-95A0-64006A5CFC23} => value removed successfully
HKCR\CLSID\{036CBE24-DE3B-11E6-95A0-64006A5CFC23} => key not found. 
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found. 
GoogleChromeUpService => service not found.
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
gkernel => service not found.
HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
ucdrv => service removed successfully
ucdrv => service not found.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\Users\Santos\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE855DE7-B878-49B8-BFA9-55C39F8D9FAC} => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13014185 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 42818 B
Edge => 0 B
Chrome => 248122889 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66573 B
systemprofile32 => 65960 B
LocalService => 66228 B
NetworkService => 67070 B
Santos => 1123617 B
UpdatusUser => 0 B
 
RecycleBin => 16650 B
EmptyTemp: => 250.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:45:19 ====


#8 Jo*

  • Malware Response Team
  • 3,329 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:34 PM

Posted 23 January 2017 - 06:55 AM

OK, please give me the names of the apps, thanks.

---

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 flamingporu
  • Topic Starter
  • Members
  • 22 posts
  • Local time:12:34 AM

Posted 23 January 2017 - 07:10 AM

Hello,
 
They are all in Chinese characters. Please see attached pictures. First is the start menu and the second and third are the task manager processes that I feel still have some left.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Santos (administrator) on SANTOS-PC (23-01-2017 20:02:54)
Running from C:\Users\Santos\Desktop
Loaded Profiles: Santos & UpdatusUser (Available Profiles: Santos & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Windows\KMS-R@1n.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Solid State Networks) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
() D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
(Google Inc.) C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Providers\o0asda6a: C:\Program Files (x86)\Gipareedese Reports\local64spl.dll
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\快压\X64\KZipShell.dll [2017-01-22] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{076AB01B-369C-4BC8-8562-02966D169345}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://linkzb.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-12-27] ( Garena)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
StartMenuInternet: Google Chrome.ZR2GWSFGGGUSUSQ2BYDABVNAW4 - C:\Users\Santos\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HewlettPackardHewlettPackard; C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll [225792 2017-01-22] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2009-01-01] () [File not signed]
R2 KuaizipUpdateChecker; C:\Program Files\快压\X86\kuaizipUpdateChecker.dll [219032 2017-01-22] ()
R2 Uktain; C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll [136192 2017-01-22] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-22] (REALiX™)
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-01-22] (WinMount International Inc)
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-23 19:45 - 2017-01-23 19:45 - 00004423 _____ C:\Users\Santos\Desktop\Fixlog.txt
2017-01-23 18:47 - 2017-01-23 18:47 - 00003425 _____ C:\Users\Santos\Desktop\JRT.txt
2017-01-23 18:46 - 2017-01-23 18:46 - 01663040 _____ (Malwarebytes) C:\Users\Santos\Desktop\JRT.exe
2017-01-23 06:18 - 2017-01-23 20:03 - 00008244 _____ C:\Users\Santos\Desktop\FRST.txt
2017-01-23 06:18 - 2017-01-23 06:19 - 00025006 _____ C:\Users\Santos\Desktop\Addition.txt
2017-01-23 06:17 - 2017-01-23 06:17 - 00031817 _____ C:\Users\Santos\Desktop\zoek-results.txt
2017-01-23 06:14 - 2017-01-23 06:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-23 06:02 - 2017-01-23 06:12 - 00000000 ____D C:\zoek_backup
2017-01-23 06:02 - 2017-01-23 06:02 - 01309184 _____ C:\Users\Santos\Desktop\zoek.exe
2017-01-23 06:02 - 2017-01-23 06:02 - 00000787 _____ C:\Users\Santos\Desktop\checkup.txt
2017-01-23 06:00 - 2017-01-23 06:00 - 00852798 _____ C:\Users\Santos\Desktop\SecurityCheck.exe
2017-01-22 21:10 - 2017-01-23 19:46 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-01-22 20:20 - 2017-01-22 20:20 - 00001401 _____ C:\Users\Santos\Downloads\Fixlog.txt
2017-01-22 20:20 - 2017-01-22 20:20 - 00000604 _____ C:\Users\Santos\Downloads\fixlist.txt
2017-01-22 20:14 - 2017-01-22 20:14 - 00037279 _____ C:\Users\Santos\Downloads\Addition.txt
2017-01-22 20:13 - 2017-01-23 20:02 - 00000000 ____D C:\FRST
2017-01-22 20:13 - 2017-01-22 20:14 - 00031961 _____ C:\Users\Santos\Downloads\FRST.txt
2017-01-22 20:13 - 2017-01-22 20:13 - 02420736 _____ (Farbar) C:\Users\Santos\Desktop\FRST64.exe
2017-01-22 20:10 - 2017-01-22 20:11 - 00187420 _____ C:\TDSSKiller.3.1.0.12_22.01.2017_20.10.48_log.txt
2017-01-22 20:09 - 2017-01-22 20:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Santos\Downloads\tdsskiller.exe
2017-01-22 19:59 - 2017-01-22 19:59 - 00000000 ____D C:\Users\Santos\AppData\Local\UCBrowser
2017-01-22 19:59 - 2017-01-22 19:59 - 00000000 _____ C:\Windows\system32\__00000001422863AD__C0000005.dmp
2017-01-22 19:57 - 2017-01-23 06:04 - 00000000 ____D C:\Users\Santos\AppData\Roaming\KuaiZip
2017-01-22 19:57 - 2017-01-22 19:57 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-01-22 19:57 - 2017-01-22 19:57 - 00000840 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\快压.lnk
2017-01-22 19:57 - 2017-01-22 19:57 - 00000000 ____D C:\Program Files\快压
2017-01-22 19:55 - 2017-01-22 19:57 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\IObit
2017-01-22 19:55 - 2017-01-22 19:55 - 01620992 _____ C:\ProgramData\search
2017-01-22 19:55 - 2017-01-22 19:55 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Windows\IObit
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Users\Santos\AppData\Roaming\IObit
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-22 19:55 - 2017-01-22 19:55 - 00000000 ____D C:\ProgramData\IObit
2017-01-22 19:54 - 2017-01-22 19:59 - 00000000 ____D C:\Windows\system32\SSL
2017-01-22 19:53 - 2017-01-22 22:42 - 00000000 ____D C:\Program Files (x86)\Relgregeck
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\Users\Santos\AppData\Local\Ckirsh
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\ProgramData\Avira
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\ProgramData\Avg
2017-01-22 19:53 - 2017-01-22 19:53 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-22 19:52 - 2017-01-22 20:55 - 00000000 ____D C:\Users\Santos\Downloads\IDM_6_27_Build_2
2017-01-22 19:46 - 2017-01-22 19:53 - 123642709 _____ C:\Users\Santos\Downloads\Unconfirmed 238911.crdownload
2017-01-22 19:46 - 2017-01-22 19:46 - 00000000 ____D C:\Users\Santos\AppData\Roaming\WinRAR
2017-01-22 19:45 - 2017-01-22 19:45 - 70342176 _____ C:\Users\Santos\Downloads\【Voltron】 Shiro.zip
2017-01-20 00:03 - 2017-01-20 00:03 - 02831046 _____ C:\Windows\7f2a22a77d73d448e4e3d383c3329596.exe
2017-01-16 18:17 - 2017-01-16 18:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-01-16 17:31 - 2017-01-16 17:31 - 00064000 _____ C:\Users\Santos\Desktop\PHIL-IRI-FIL-G2-CAMIA (1).xls
2017-01-08 14:22 - 2017-01-08 14:22 - 00106274 _____ C:\Users\Santos\Downloads\FORM_5A_2016-90959_Second Semester AY 2016-2017.pdf
2017-01-07 16:06 - 2017-01-07 16:06 - 03108408 _____ C:\Users\Santos\Desktop\GRADE-2_3RD-QUARTER.xlsx classr ecord.xlsx
2017-01-05 20:44 - 2017-01-23 19:45 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\Temp
2017-01-03 17:46 - 2017-01-03 17:46 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\Adobe
2017-01-02 17:40 - 2017-01-23 18:20 - 03122017 _____ C:\Users\Santos\Desktop\GRADE-2_3RD-QUARTER.xlsx
2017-01-02 17:39 - 2017-01-16 18:08 - 03129283 _____ C:\Users\Santos\Desktop\GRADE-2_2ND-QUARTER. Sampaguita.xlsx
2017-01-02 17:39 - 2017-01-02 17:39 - 00000000 ____D C:\Users\Santos\Documents\Custom Office Templates
2017-01-02 17:08 - 2017-01-02 17:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-02 17:08 - 2017-01-02 17:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-02 17:07 - 2017-01-02 17:07 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-02 17:06 - 2017-01-03 17:46 - 00000000 ____D C:\Users\Santos\AppData\Local\Adobe
2017-01-02 00:54 - 2017-01-10 20:27 - 00000000 ____D C:\Users\Santos\AppData\Roaming\HpUpdate
2017-01-02 00:54 - 2017-01-02 00:54 - 00002287 _____ C:\Users\Public\Desktop\HP Deskjet Ink Adv 2060 K110.lnk
2017-01-02 00:54 - 2017-01-02 00:54 - 00001241 _____ C:\Users\Public\Desktop\HP Deskjet Ink Adv 2060 K110 Scan.lnk
2017-01-02 00:54 - 2017-01-02 00:54 - 00001204 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet Ink Adv 2060 K110.lnk
2017-01-02 00:54 - 2017-01-02 00:54 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-02 00:54 - 2017-01-02 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-02 00:54 - 2017-01-02 00:54 - 00000000 ____D C:\ProgramData\HP
2017-01-02 00:54 - 2017-01-02 00:54 - 00000000 ____D C:\Program Files\HP
2017-01-02 00:53 - 2017-01-02 00:55 - 00000000 ____D C:\Users\Santos\AppData\Local\HP
2017-01-02 00:49 - 2017-01-02 00:52 - 48952944 _____ C:\Users\Santos\Downloads\DJ2060_K110_1313-1.exe
2017-01-01 22:42 - 2017-01-10 21:42 - 00000132 _____ C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-01 22:38 - 2017-01-01 22:46 - 11411641 _____ C:\Users\Santos\Desktop\_DSC0270.psd
2017-01-01 22:38 - 2017-01-01 22:42 - 03112104 _____ C:\Users\Santos\Desktop\Untitled-1.psd
2017-01-01 22:27 - 2017-01-01 22:27 - 00000000 ____D C:\Users\Santos\AppData\Roaming\NVIDIA
2017-01-01 22:24 - 2017-01-22 10:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-01 22:24 - 2017-01-01 22:24 - 00000000 ____D C:\Windows\XSxS
2017-01-01 22:07 - 2017-01-01 22:20 - 97271343 _____ (PortableAppZ.blogspot.com) C:\Users\Santos\Downloads\Photoshop.Portable.CS6.13.0.Multilingual.exe
2016-12-31 14:29 - 2016-12-31 14:29 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Macromedia
2016-12-31 14:28 - 2017-01-22 19:54 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Adobe
2016-12-31 14:28 - 2016-12-31 14:28 - 00000000 ____D C:\Users\Santos\AppData\Roaming\LolClient
2016-12-31 14:22 - 2017-01-22 20:12 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-31 14:22 - 2017-01-02 00:54 - 00000000 ____D C:\Program Files (x86)\Hp
2016-12-31 11:56 - 2016-12-31 14:17 - 400556032 _____ C:\Program Files (x86)\GarenaPHLoL_Install_20161215.0.dat
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Garena
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\Users\Santos\AppData\Local\Garena
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\ProgramData\Garena
2016-12-31 11:51 - 2016-12-31 11:51 - 00000000 ____D C:\GarenaDownload
2016-12-31 11:50 - 2017-01-20 20:57 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-12-31 11:50 - 2016-12-31 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2016-12-31 11:50 - 2016-12-31 11:50 - 00001066 _____ C:\Users\Santos\Desktop\Garena+.lnk
2016-12-31 11:45 - 2016-12-31 11:50 - 95161176 _____ C:\Users\Santos\Downloads\Garena+_Install.exe
2016-12-31 10:54 - 2016-12-31 10:54 - 00000000 ___SD C:\Users\UpdatusUser\AppData\LocalLow\Microsoft
2016-12-31 10:53 - 2017-01-23 19:53 - 00000000 ____D C:\Users\Santos\AppData\Roaming\GarenaPlus
2016-12-31 10:53 - 2017-01-23 19:53 - 00000000 ____D C:\ProgramData\GarenaMessenger
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-23 19:53 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-23 19:53 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-23 19:50 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-23 19:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-01-23 19:48 - 2009-01-01 17:06 - 00000000 ____D C:\Users\UpdatusUser
2017-01-23 19:46 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-23 19:46 - 2009-01-01 17:07 - 00002475 _____ C:\Users\Santos\Desktop\Google Chrome.lnk
2017-01-23 19:37 - 2009-01-01 17:00 - 00002073 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-23 19:37 - 2009-01-01 17:00 - 00002073 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-22 19:53 - 2009-01-01 17:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-01 22:51 - 2009-01-01 17:07 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-01 14:31 - 2009-07-14 12:45 - 00446704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-31 21:56 - 2009-01-01 17:16 - 00112648 _____ C:\Users\Santos\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-31 20:48 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\wdi
2016-12-31 19:14 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\winsxs
2016-12-31 19:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-12-31 18:59 - 2011-07-04 03:11 - 00000000 ____D C:\Windows\nl-NL
2016-12-31 18:59 - 2011-04-12 16:28 - 00000000 ____D C:\Windows\ehome
2016-12-31 18:59 - 2011-04-12 16:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\SysWOW64\Drivers\UMDF
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\winrm
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\WCN
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\slmgr
2016-12-31 18:59 - 2011-04-12 16:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Media Player
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Media Player
2016-12-31 18:59 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\wbem
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\nl-NL
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\migration
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\DriverStore
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\wbem
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Setup
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\oobe
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\nl-NL
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\MUI
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\migration
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Dism
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\com
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\servicing
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows Mail
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Windows Mail
2016-12-31 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-31 18:58 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Logs
2016-12-31 14:22 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-31 14:22 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\assembly
2016-12-31 11:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-31 10:54 - 2009-01-01 17:06 - 00000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2016-12-31 10:53 - 2009-01-01 17:06 - 00000000 ___SD C:\Users\UpdatusUser\AppData\Roaming\Microsoft
 
==================== Files in the root of some directories =======
 
2016-12-31 11:56 - 2016-12-31 14:17 - 400556032 _____ () C:\Program Files (x86)\GarenaPHLoL_Install_20161215.0.dat
2017-01-01 22:42 - 2017-01-10 21:42 - 0000132 _____ () C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-02 00:54 - 2017-01-02 00:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-22 19:55 - 2017-01-22 19:55 - 1620992 _____ () C:\ProgramData\search
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-23 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Santos (23-01-2017 20:03:17)
Running from C:\Users\Santos\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-01-01 09:00:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4063383439-142346386-2490566706-500 - Administrator - Disabled)
Guest (S-1-5-21-4063383439-142346386-2490566706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063383439-142346386-2490566706-1003 - Limited - Enabled)
Santos (S-1-5-21-4063383439-142346386-2490566706-1000 - Administrator - Enabled) => C:\Users\Santos
UpdatusUser (S-1-5-21-4063383439-142346386-2490566706-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3006 - Intel Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {238397F0-2C77-4822-8519-E72FD087B28E} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-12-27] ()
Task: {3CFE4941-6880-4901-94F1-137289B32328} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {A86062D9-534A-48F5-878E-B37137AE1744} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {B3EE5DA0-25F3-46F6-85EF-C37EA45CEBC7} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe [2017-01-22] ()
Task: {C5A20AD8-E2AA-4192-960C-220C6D96B605} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F2448782-ED59-42F5-8EB9-817189DD525F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-01-01 17:06 - 2013-02-10 09:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-22 17:59 - 2013-02-22 17:59 - 06523456 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-01-22 19:57 - 2017-01-22 19:57 - 00524696 _____ () C:\Program Files\¿ìѹ\X64\KZipShell.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00175096 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2009-01-01 17:16 - 2009-01-01 17:16 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2016-12-27 19:06 - 2016-12-27 19:06 - 09136632 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2016-12-27 18:11 - 2017-01-16 17:54 - 07340536 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
2016-12-31 14:04 - 2016-05-05 06:54 - 00074752 _____ () D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LOLClient.exe
2016-12-27 19:06 - 2016-12-27 19:06 - 03436536 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2017-01-22 19:57 - 2017-01-22 19:57 - 00219032 _____ () c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll
2017-01-22 19:53 - 2017-01-22 19:53 - 00136192 _____ () c:\program files (x86)\relgregeck\vohekzektaincnf.dll
2017-01-22 20:12 - 2017-01-22 20:12 - 00225792 ____H () C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00117240 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00046072 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2016-12-27 19:07 - 2017-01-18 18:16 - 00047568 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00063992 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00100304 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00499704 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00037416 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00183760 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00386088 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00197112 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2016-12-27 19:07 - 2016-12-27 19:07 - 00232440 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00165328 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00971216 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00067576 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00238072 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 02216952 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00205304 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00167928 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 04892664 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00078328 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00029648 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 01558480 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00968232 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00257528 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00038440 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00529400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00080888 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00114128 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00242680 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00411088 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2016-12-27 19:07 - 2016-12-27 19:07 - 00237096 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2013-02-22 17:59 - 2013-02-22 17:59 - 06523472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00116728 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00076240 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00046032 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
2016-12-27 18:11 - 2017-01-13 21:16 - 00394744 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00829944 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00053752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
2016-12-27 18:12 - 2017-01-16 17:55 - 00035792 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00460648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 02498552 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00121336 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00042024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00437712 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00090064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00066000 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00387024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00059856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00079352 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00054264 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00067624 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00101928 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00147448 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00043000 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00251344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
2016-12-27 18:12 - 2016-12-27 18:12 - 01060344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00069112 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
2016-12-27 18:11 - 2016-12-27 18:11 - 00112080 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00140280 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00150480 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00123384 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00879056 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
2016-12-27 18:12 - 2016-12-27 18:12 - 00068560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll
2009-01-01 17:07 - 2013-12-04 10:47 - 00702416 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2009-01-01 17:07 - 2013-12-04 10:47 - 00099792 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2009-01-01 17:07 - 2013-12-04 10:48 - 04055504 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2009-01-01 17:07 - 2013-12-04 10:48 - 00399312 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2009-01-01 17:07 - 2013-12-04 10:47 - 01619408 _____ () C:\Users\Santos\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3F00DE79-D4E3-4400-8A8F-EE0D647E8D22}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{287BE859-68C8-43AC-9E02-C7C15802C1E5}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{049089B8-0DD8-4440-9B3B-9CD4A180FD10}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0C094980-767D-42E1-B842-2B084C007D40}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7E4AEF9-54A2-407E-ADDB-50FAF544D24B}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8F5860F0-E236-4725-A017-8C4C3C5E7DCF}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A18EA362-DF9C-4E14-9519-1C263168880A}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{39D47612-A852-44F8-805B-9CAF1D3387B3}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{833F98E7-73F2-4E5F-8DBA-6338F42B8B35}] => D:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{E16A26B9-86BE-4DD5-BBFB-F29A50E115E6}] => LPort=8370
FirewallRules: [{6344B179-4CB3-4039-A9B2-352ED2717091}] => LPort=8370
FirewallRules: [{055A9FB5-A096-4A39-998E-377701810704}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7ABD38CF-E83D-4413-B5B2-5DC12C9D8BFD}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{B6BE08F9-E767-492B-A01C-5D36ED37752A}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{9355E314-BE2F-4C8A-810F-F41108B5DAE5}] => D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{E5A516A0-2534-4C47-A461-D0AC044B3875}] => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{568165E8-30AD-4A3C-8279-06DFBD4E7A69}] => LPort=6971
FirewallRules: [{44D4F5BA-D38C-4EB2-BC7D-B55C894467BE}] => LPort=6971
FirewallRules: [{381E4749-7101-461E-9CE6-36483DD51033}] => LPort=6951
FirewallRules: [{C1A2D4C4-BEBF-4AC6-9E35-AF7C37A8FD8D}] => LPort=6951
FirewallRules: [{F336FAF8-F830-4920-ABEB-4BD5FF166595}] => LPort=6940
FirewallRules: [{B3EEF2F0-BA19-4754-B308-D9EE0255F9C1}] => LPort=6940
FirewallRules: [{8060545D-A20B-4381-9BC3-13FC07FA4564}] => C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
 
==================== Restore Points =========================
 
23-01-2017 06:03:36 zoek.exe restore point
23-01-2017 18:46:47 JRT Pre-Junkware Removal
23-01-2017 19:45:08 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2017 07:53:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/23/2017 07:53:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/23/2017 07:47:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/23/2017 07:45:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4454e610-aaee-4ee7-bca5-707007fcb203}
 
Error: (01/23/2017 06:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/23/2017 05:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/23/2017 06:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/23/2017 06:00:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/22/2017 10:44:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/22/2017 08:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 22.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: de8
 
Start Time: 01d274a9d95603fa
 
Termination Time: 59
 
Application Path: C:\Users\Santos\Downloads\FRST64.exe
 
Report Id:
 
 
System errors:
=============
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HewlettPackardHewlettPackard service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Uktain service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KuaizipUpdateChecker service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS-R@1n service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/23/2017 07:45:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-01-23 19:46:18.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 19:46:18.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 18:50:27.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 18:50:27.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 17:19:07.660
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 17:19:07.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 06:15:31.112
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 06:15:31.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 05:58:35.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-23 05:58:35.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 8143.78 MB
Available physical RAM: 6628.27 MB
Total Virtual: 16285.75 MB
Available Virtual: 14593.11 MB
 
==================== Drives ================================
 
Drive c: (O,S) (Fixed) (Total:49.92 GB) (Free:19.63 GB) NTFS
Drive d: (Files) (Fixed) (Total:415.74 GB) (Free:57.61 GB) NTFS
Drive e: (Backup) (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D063F16)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================9:42
 
==================== End of FRST.txt ============================
 
 
 

Attached Files



#10 Jo*

Jo*

  • Malware Response Team
  • 3,329 posts
  • Gender:Male
  • Location:Germany

Posted 23 January 2017 - 08:23 AM

Ok, please right click these suspect start menu items and select remove from list...

 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-01-22]
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219032 2017-01-22]
S3 gkernel; C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
2017-01-22 19:57 - 2017-01-22 19:57 - 00000840 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
C:\Program Files\¿ìѹ
2017-01-22 19:45 - 2017-01-22 19:45 - 70342176 _____ C:\Users\Santos\Downloads\【Voltron】 Shiro.zip
2017-01-22 19:57 - 2017-01-22 19:57 - 00524696 _____ C:\Program Files\¿ìѹ\X64\KZipShell.dll
2017-01-22 19:57 - 2017-01-22 19:57 - 00219032 _____ c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
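The checks behind the fixlist above (a task started from a user-writable folder, an unverifiable driver image in Temp, a task whose target is a bare wmic command rather than a file, UAC and the firewall switched off) can be applied mechanically to an FRST Addition.txt. The Python script below is an added example for this thread, not part of Jo's post and not FRST's own code; the severity levels and the list of user-writable directories are its own assumptions, and the sample lines are copied from the Addition.txt posted earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Path fragments (lower-cased, backslash-delimited) that an ordinary user can
# write to. Legitimate scheduled tasks, services and drivers rarely live here;
# adware droppers and loaders very often do. This list is an assumption of the
# example, not an FRST setting: extend it for other directory layouts.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

# "Task: {GUID} - System32\Tasks\<name> => <target> [YYYY-MM-DD] (<publisher>)"
# The trailing date/publisher group is absent when the target is a bare
# command (for example a wmic invocation) rather than a file on disk.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\))?$"
)
# "<created> - <modified> - <size> <attrs> (<publisher>) <path>" as printed
# under "Loaded Modules"; the attribute field shows an H for hidden files.
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attr>[_A-Z]{5}) \((?P<pub>[^)]*)\) (?P<path>.+)$"
)
# Event text quoted in the "CodeIntegrity" section of Addition.txt.
CODEINTEGRITY_RE = re.compile(
    r"unable to verify the image integrity of the file (?P<path>\S+) because"
)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


def in_user_writable(path: str) -> bool:
    """True when the path sits below a directory a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk FRST log lines and return the entries a responder should look at."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            target = m.group("target")
            if in_user_writable(target):
                findings.append(Finding("high", "scheduled task runs from a user-writable directory", line))
            elif not ABS_PATH_RE.match(target):
                findings.append(Finding("medium", "scheduled task launches a bare command rather than an absolute path", line))
            elif m.group("pub") == "":
                # Weak on its own: legitimate software (Garena in this log) also lacks publisher data.
                findings.append(Finding("info", "scheduled task target has no publisher information", line))
            continue
        m = MODULE_RE.match(line)
        if m:
            if in_user_writable(m.group("path")):
                findings.append(Finding("high", "loaded module from a user-writable directory", line))
            if "H" in m.group("attr"):
                findings.append(Finding("medium", "loaded module file carries the hidden attribute", line))
            continue
        m = CODEINTEGRITY_RE.search(line)
        if m:
            path = m.group("path")
            sev = "high" if in_user_writable(path) or path.lower().endswith(".sys") else "medium"
            findings.append(Finding(sev, "Code Integrity could not verify an image hash", line))
            continue
        if "EnableLUA: 0" in line:
            findings.append(Finding("medium", "UAC is disabled (EnableLUA = 0)", line))
        elif line == "Windows Firewall is disabled.":
            findings.append(Finding("medium", "host firewall is disabled", line))
    return findings


# Sample lines copied from the Addition.txt posted in this thread.
SAMPLE_LOG = r"""
Task: {238397F0-2C77-4822-8519-E72FD087B28E} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-12-27] ()
Task: {3CFE4941-6880-4901-94F1-137289B32328} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {B3EE5DA0-25F3-46F6-85EF-C37EA45CEBC7} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe [2017-01-22] ()
Task: {C5A20AD8-E2AA-4192-960C-220C6D96B605} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
2017-01-22 20:12 - 2017-01-22 20:12 - 00225792 ____H () C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00175096 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```

Run as-is it reports the embedded sample; pass the lines of a saved Addition.txt to triage() for a real log. Note that a missing publisher is only informational: the Garena entries show that legitimate software can lack it, so it is the combination with a user-writable path or a hidden attribute that makes an entry worth a closer look, which is exactly what distinguishes Manager.exe and gkernel.sys from the Office and Garena lines.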


#11 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts

Posted 23 January 2017 - 09:20 AM

Thanks so much so far for your patience... I'm still a bit bothered about my task manager processes (see attached above)... Is there any existing malware that we can fix? Also, I have this SkyDive Pro option when I right click (see attached image)...

 

See below for my fixlog.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Santos (23-01-2017 22:08:08) Run:3
Running from C:\Users\Santos\Desktop
Loaded Profiles: Santos & UpdatusUser (Available Profiles: Santos & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-01-22]
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219032 2017-01-22]
S3 gkernel; C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X]
2017-01-22 19:57 - 2017-01-22 19:57 - 00000840 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
C:\Program Files\¿ìѹ
2017-01-22 19:45 - 2017-01-22 19:45 - 70342176 _____ C:\Users\Santos\Downloads\?Voltron? Shiro.zip
2017-01-22 19:57 - 2017-01-22 19:57 - 00524696 _____ C:\Program Files\¿ìѹ\X64\KZipShell.dll
2017-01-22 19:57 - 2017-01-22 19:57 - 00219032 _____ c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found. 
HKLM\System\CurrentControlSet\Services\KuaizipUpdateChecker => key removed successfully
KuaizipUpdateChecker => service removed successfully
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk => moved successfully
C:\Program Files\¿ìѹ => moved successfully
"C:\Users\Santos\Downloads\?Voltron? Shiro.zip" => not found.
"C:\Program Files\¿ìѹ\X64\KZipShell.dll" => not found.
"c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4557165 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 4272 B
Edge => 0 B
Chrome => 80252945 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 67452 B
Santos => 6320603 B
UpdatusUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 87.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:08:21 ====

Attached Files

  • Attached File  PC 6.png   15.56KB   1 downloads


#12 Jo*

Jo*

  • Malware Response Team
  • 3,329 posts
  • Gender:Male
  • Location:Germany

Posted 23 January 2017 - 09:40 AM

:step1: Which processes do you mean? Tell me the names please.

KMS-R is running - this is crack/keygen software!
Did you install it to use illegal/cracked software, or can we remove KMS-R?

Do you have licences for Windows, Office and so on?

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file and OK the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button; please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts

Posted 24 January 2017 - 07:29 AM

I think my programs are cracked, so I guess I would want to keep the KMS-R... I'm not very knowledgeable about these things, so I am requesting assistance on whether or not it should be removed. My PC is fairly new, and the only thing I could think of is the cracked OS/MS Office...
 
Please see below logs:
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 8539369472, free: 6791008256
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 8539369472, free: 6853328896
 
Downloaded database version: v2017.01.24.03
Downloaded database version: v2016.11.20.01
Downloaded database version: v2017.01.23.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/24/2017 20:15:29
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.01.24.03
  rootkit: v2016.11.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800779e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800779d9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800779e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007146580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800719d680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800779d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075d68c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800779d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007336060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8D063F16
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5BC53D8B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 104681472
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 104888385  Numsec = 871879680
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Windows\KMS-QADhook.dll --> [HackTool.Agent.KMS]
File C:\Windows\System32\drivers\KuaiZipDrive.sys will be destroyed
Infected: C:\Windows\System32\drivers\KuaiZipDrive.sys --> [PUP.Optional.Kuaizip]
Infected: C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe --> [Trojan.Agent.E]
Infected: HKLM\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\jhdbca --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\Maoha --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\o0asda6a|Name --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\O0ASDA6A --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Uktain --> [Adware.Elex]
Infected: C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll --> [Adware.Elex]
Infected: C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll --> [Adware.Elex]
Infected: HKU\.DEFAULT\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKU\S-1-5-18\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\SOFTWARE\Maoha --> [Adware.Elex]
Scan finished
 
 
# AdwCleaner v6.042 - Logfile created 24/01/2017 at 20:28:47
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-24.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Santos - SANTOS-PC
# Running from : C:\Users\Santos\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  KuaiZipDrive
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
Folder Found:  C:\Users\Santos\AppData\Roaming\Kuaizip
 
 
***** [ Files ] *****
 
File Found:  C:\Windows\SysNative\drivers\KuaiZipDrive.sys
File Found:  C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
Shortcut infected:  C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://fanli90.cn/ )
Shortcut infected:  C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://fanli90.cn/ )
Shortcut infected:  C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://fanli90.cn/ )
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  Microsoft\Windows\Multimedia\Manager
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
Key Found:  HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
Key Found:  HKU\.DEFAULT\Software\ompndb
Key Found:  HKU\.DEFAULT\Software\jhdbca
Key Found:  HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Installer
Key Found:  HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\AutoTime
Key Found:  HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\KuaiZip
Key Found:  HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\SNDA
Key Found:  HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\KuaiZipSFX
Key Found:  HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Maoha
Key Found:  HKU\S-1-5-18\Software\ompndb
Key Found:  HKU\S-1-5-18\Software\jhdbca
Key Found:  HKCU\Software\Installer
Key Found:  HKCU\Software\AutoTime
Key Found:  HKCU\Software\KuaiZip
Key Found:  HKCU\Software\SNDA
Key Found:  HKCU\Software\KuaiZipSFX
Key Found:  HKCU\Software\Maoha
Key Found:  HKLM\SOFTWARE\Maoha
Key Found:  HKLM\SOFTWARE\ompndb
Key Found:  HKLM\SOFTWARE\jhdbca
Key Found:  [x64] HKCU\Software\Installer
Key Found:  [x64] HKCU\Software\AutoTime
Key Found:  [x64] HKCU\Software\KuaiZip
Key Found:  [x64] HKCU\Software\SNDA
Key Found:  [x64] HKCU\Software\KuaiZipSFX
Key Found:  [x64] HKCU\Software\Maoha
Key Found:  [x64] HKLM\SOFTWARE\ompndb
Key Found:  [x64] HKLM\SOFTWARE\jhdbca
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
Key Found:  HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Key Found:  HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
Key Found:  HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
Key Found:  HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
Key Found:  HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [18479 Bytes] - [24/01/2017 20:28:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18553 Bytes] ##########
 


#14 Jo*

Jo*

  • Malware Response Team
  • 3,329 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:34 PM

Posted 24 January 2017 - 08:17 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient, as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***


:step4: How is the computer running now?
Are the Random Software Downloads and Browser Pop-ups gone?




***


Edited by Jo*, 24 January 2017 - 08:18 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • Local time:12:34 AM

Posted 24 January 2017 - 09:03 AM

Hello, here are my logs... My PC is working better now, no pop-ups so far, and the software has stopped downloading randomly. I guess that Skydive Pro is just going to stay there since it isn't causing any problems... Thanks a lot for the help so far!

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 8539369472, free: 6791008256
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 8539369472, free: 6853328896
 
Downloaded database version: v2017.01.24.03
Downloaded database version: v2016.11.20.01
Downloaded database version: v2017.01.23.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/24/2017 20:15:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\KuaiZipDrive.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\sechost.dll
\Windows\System32\oleaut32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\shell32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.01.24.03
  rootkit: v2016.11.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800779e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800779d9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800779e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007146580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800719d680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800779d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075d68c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800779d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007336060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8D063F16
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5BC53D8B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 104681472
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 104888385  Numsec = 871879680
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Windows\KMS-QADhook.dll --> [HackTool.Agent.KMS]
File C:\Windows\System32\drivers\KuaiZipDrive.sys will be destroyed
Infected: C:\Windows\System32\drivers\KuaiZipDrive.sys --> [PUP.Optional.Kuaizip]
Infected: C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe --> [Trojan.Agent.E]
Infected: HKLM\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\jhdbca --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\Maoha --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\o0asda6a|Name --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\O0ASDA6A --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Uktain --> [Adware.Elex]
Infected: C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll --> [Adware.Elex]
Infected: C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll --> [Adware.Elex]
Infected: HKU\.DEFAULT\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKU\S-1-5-18\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\SOFTWARE\Maoha --> [Adware.Elex]
Scan finished
User declined to cleanup malware.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-104888385-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\KuaiZipDrive.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\KuaiZipDrive.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\KuaiZipDrive.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\KuaiZipDrive.sys-(1)-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 8539369472, free: 6917746688
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/24/2017 21:48:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\KuaiZipDrive.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\sechost.dll
\Windows\System32\oleaut32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\shell32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.01.24.03
  rootkit: v2016.11.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800779e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800779d9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800779e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007146580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800719d680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800779d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075d68c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800779d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007336060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8D063F16
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5BC53D8B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 104681472
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 104888385  Numsec = 871879680
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Users\Santos\AppData\Local\Temp\DBUpdater.exe --> [Adware.Elex]
Infected: C:\Windows\KMS-QADhook.dll --> [HackTool.Agent.KMS]
File C:\Windows\System32\drivers\KuaiZipDrive.sys will be destroyed
Infected: C:\Windows\System32\drivers\KuaiZipDrive.sys --> [PUP.Optional.Kuaizip]
Infected: C:\Users\Santos\AppData\Roaming\Adobe\Manager.exe --> [Trojan.Agent.E]
Infected: HKLM\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\jhdbca --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\Maoha --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\o0asda6a|Name --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\O0ASDA6A --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Uktain --> [Adware.Elex]
Infected: C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll --> [Adware.Elex]
Infected: C:\Program Files (x86)\Relgregeck\Vohekzektaincnf.dll --> [Adware.Elex]
Infected: HKU\.DEFAULT\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKU\S-1-5-18\SOFTWARE\jhdbca --> [Adware.Elex]
Infected: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\SOFTWARE\Maoha --> [Adware.Elex]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
# AdwCleaner v6.042 - Logfile created 24/01/2017 at 21:57:14
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-24.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Santos - SANTOS-PC
# Running from : C:\Users\Santos\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: KuaiZipDrive
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Santos\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
[-] Folder deleted: C:\Users\Santos\AppData\Roaming\Kuaizip
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut disinfected: C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: Microsoft\Windows\Multimedia\Manager
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.001
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.002
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.003
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.004
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.005
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.006
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.007
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.008
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.009
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.01
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.010
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.011
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.012
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.013
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.014
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.015
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.016
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.017
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.018
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.019
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.02
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.020
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.021
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.022
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.023
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.024
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.025
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.026
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.027
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.028
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.029
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.03
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.030
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.031
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.032
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.033
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.034
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.035
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.036
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.037
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.038
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.039
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.04
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.040
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.041
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.042
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.043
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.044
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.045
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.046
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.047
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.048
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.049
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.05
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.050
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.051
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.052
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.053
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.054
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.055
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.056
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.057
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.058
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.059
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.06
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.060
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.061
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.062
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.063
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.064
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.065
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.066
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.067
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.068
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.069
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.07
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.070
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.071
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.072
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.073
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.074
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.075
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.076
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.077
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.078
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.079
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.08
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.080
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.081
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.082
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.083
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.084
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.085
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.086
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.087
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.088
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.089
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.09
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.090
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.091
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.092
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.093
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.094
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.095
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.096
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.097
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.098
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.099
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.7z
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.arj
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.bz2
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.cab
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gzip
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.jar
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.kz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.lzh
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.mou
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rar
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rpm
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tar
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tbz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tgz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.wim
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.z
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.zip
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.001
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.002
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.003
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.004
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.005
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.006
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.007
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.008
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.009
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.01
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.010
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.011
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.012
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.013
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.014
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.015
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.016
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.017
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.018
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.019
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.02
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.020
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.021
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.022
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.023
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.024
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.025
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.026
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.027
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.028
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.029
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.03
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.030
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.031
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.032
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.033
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.034
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.035
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.036
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.037
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.038
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.039
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.04
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.040
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.041
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.042
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.043
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.044
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.045
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.046
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.047
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.048
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.049
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.05
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.050
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.051
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.052
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.053
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.054
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.055
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.056
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.057
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.058
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.059
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.06
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.060
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.061
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.062
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.063
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.064
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.065
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.066
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.067
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.068
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.069
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.07
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.070
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.071
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.072
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.073
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.074
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.075
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.076
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.077
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.078
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.079
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.08
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.080
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.081
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.082
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.083
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.084
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.085
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.086
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.087
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.088
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.089
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.09
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.090
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.091
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.092
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.093
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.094
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.095
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.096
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.097
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.098
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.099
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.7z
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.arj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.bz2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.cab
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gzip
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.jar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.kz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.lzh
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.mou
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rpm
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tbz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tgz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.wim
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.z
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.zip
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Key deleted: HKU\.DEFAULT\Software\ompndb
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Installer
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\KuaiZip
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\KuaiZipSFX
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\KuaiZip
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\KuaiZipSFX
[-] Key deleted: HKLM\SOFTWARE\ompndb
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZip
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZipSFX
[-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [21194 Bytes] - [24/01/2017 21:57:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [19269 Bytes] - [24/01/2017 20:28:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [18904 Bytes] - [24/01/2017 21:56:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [21416 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Santos (Administrator) on Tue 01/24/2017 at 21:59:03.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32R81D7R (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4F023P99 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65HE1QAL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUJ297M8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JV51EXFQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZQ4LFX4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIXWV23R (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLIHVL13 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32R81D7R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4F023P99 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65HE1QAL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUJ297M8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JV51EXFQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZQ4LFX4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIXWV23R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLIHVL13 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/24/2017 at 22:00:17.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 