Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm really badly infected, where do I start my clearing?


  • Please log in to reply
12 replies to this topic

#1 sinine

sinine

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 28 February 2017 - 08:22 PM

I did something stupid and now my laptop, win 10 if it's important, is really infected. I'm scanning my laptop with Avast right now, and it's done only 7% and have 22 viruses already.

I'll wait til it's done but I'm sure I won't get rid of everything that way. What else would be useful to do?

 

The only thing that's really sticking out right now is that I cannot change my internet homepage, even after doing it once it changes back to this other random one.

And there is this one weird programme or something, dunno what it is, that I cannot get rid of any way. It's some chinese thing and it randomly opens some random chinese webpage in I don't know what browser.

 

? Help!



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:00 PM

Posted 28 February 2017 - 09:14 PM

p22002970.gif Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

p22002970.gif Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.


p22002970.gifDownload 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 01 March 2017 - 03:07 PM

Security Check results:

Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     24.0.0.221  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (Signing.)
 Google Chrome (56.0.2924.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 EMT Internet OnlineUpdate ouc.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#4 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 01 March 2017 - 03:10 PM

FSS results:

Farbar Service Scanner Version: 27-01-2016
Ran by Diana (administrator) on 01-03-2017 at 22:08:46
Running from "C:\Users\Diana\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#5 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 01 March 2017 - 03:13 PM

MiniToolBox results:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Diana (administrator) on 01-03-2017 at 22:12:06
Running from "C:\Users\Diana\Desktop"
Microsoft Windows 10 Home  (X64)
Model: K50IJ Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

HUAWEI Mobile Connect - Network Adapter = Mobiil-lairibaühendus 4 (Connected)
Qualcomm Atheros AR9285 Wireless Network Adapter = Raadiovõrguühendus (Media disconnected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Kohalik võrguühendus (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=disabled
set interface interface="Kohalik värguhendus* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Mobiil-lairibahendus 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Kohalik värguhendus* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Kohalik värguhendus 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Mobiil-lairibahendus 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Kohalik värguhendus" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Mobiil-lairibahendus 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Mobiil-lairibahendus 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Mobiil-lairibahendus" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Raadiovärguhendus" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Diana-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Kohalik värguhendus:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
   Physical Address. . . . . . . . . : 48-5B-39-24-BA-5D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Raadiovärguhendus:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 1C-4B-D6-90-BD-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Kohalik värguhendus* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-4B-D6-90-BD-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Mobile Broadband adapter Mobiil-lairibahendus 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HUAWEI Mobile Connect - Network Adapter #4
   Physical Address. . . . . . . . . : 58-2C-80-13-92-63
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::85b8:85e9:f43e:485c%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.145.119.60(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 10.145.119.57
   DHCPv6 IAID . . . . . . . . . . . : 290991232
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-31-2E-FA-1C-4B-D6-90-BD-EC
   DNS Servers . . . . . . . . . . . : 192.98.49.8
                                       192.98.49.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.98.49.8

Name:    google.com
Addresses:  2a00:1450:400f:808::200e
      172.217.22.174


Pinging google.com [172.217.22.174] with 32 bytes of data:
Reply from 172.217.22.174: bytes=32 time=46ms TTL=54
Reply from 172.217.22.174: bytes=32 time=45ms TTL=54

Ping statistics for 172.217.22.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 46ms, Average = 45ms
Server:  UnKnown
Address:  192.98.49.8

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=187ms TTL=47
Reply from 98.138.253.109: bytes=32 time=181ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 181ms, Maximum = 187ms, Average = 184ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...48 5b 39 24 ba 5d ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
 12...1c 4b d6 90 bd ec ......Atheros AR9285 Wireless Network Adapter
 18...1e 4b d6 90 bd ec ......Microsoft Wi-Fi Direct Virtual Adapter
 13...58 2c 80 13 92 63 ......HUAWEI Mobile Connect - Network Adapter #4
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    10.145.119.57    10.145.119.60    316
    10.145.119.56  255.255.255.248         On-link     10.145.119.60    316
    10.145.119.60  255.255.255.255         On-link     10.145.119.60    316
    10.145.119.63  255.255.255.255         On-link     10.145.119.60    316
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     10.145.119.60    316
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     10.145.119.60    316
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 13    316 fe80::/64                On-link
 13    316 fe80::85b8:85e9:f43e:485c/128
                                    On-link
  1    331 ff00::/8                 On-link
 13    316 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/01/2017 09:51:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Diana-PC)
Description: Rakenduse microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktiveerimine nurjus tõrkega: -2147023673. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 09:48:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Diana-PC)
Description: Rakenduse Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub aktiveerimine nurjus tõrkega: -2147009284. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 09:48:16 PM) (Source: Application Error) (User: )
Description: Tõrkuv rakendus: Creative Cloud.exe, versioon: 3.3.0.151, ajatempel: 0x55fab2fa
Tõrkuva mooduli nimi: ContainerUI.dll, versioon: 3.3.0.151, ajatempel 0x55fab383
Erandi kood 0xc0000005
Tõrke nihe 0x00016870
Tõrkuva protsessi ID 0x1908
Tõrkuva rakenduse käivitumisaeg: 0xCreative Cloud.exe0
Tõrkuva rakenduse tee: Creative Cloud.exe1
Tõrkuva mooduli tee: Creative Cloud.exe2
Aruande ID: Creative Cloud.exe3
Tõrkuva paketi täisnimi: Creative Cloud.exe4
Tõrkuva paketiga seotud rakenduse ID: Creative Cloud.exe5

Error: (03/01/2017 04:25:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Diana-PC)
Description: Rakenduse Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub aktiveerimine nurjus tõrkega: -2147009284. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 04:52:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App aktiveerimine nurjus tõrkega: -2144927142. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 03:54:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktiveerimine nurjus tõrkega: -2144927142. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 03:29:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App aktiveerimine nurjus tõrkega: -2144927142. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 01:25:29 AM) (Source: Application Hang) (User: )
Description: The program TS4.exe version 1.25.136.1020 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 25dc

Start Time: 01d29219b5317683

Termination Time: 0

Application Path: D:\Games\The Sims 4\Game\Bin\TS4.exe

Report Id: 1eb51d26-fe0d-11e6-b9ee-485b3924ba5d

Faulting package full name:

Faulting package-relative application ID:

Error: (03/01/2017 01:22:33 AM) (Source: Application Hang) (User: )
Description: The program UCBrowser.exe version 6.0.1471.914 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1edc

Start Time: 01d292196dcdde1c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

Report Id: c60edc23-fe0c-11e6-b9ee-485b3924ba5d

Faulting package full name:

Faulting package-relative application ID:

Error: (03/01/2017 01:19:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.


System errors:
=============
Error: (03/01/2017 09:49:44 PM) (Source: Service Control Manager) (User: )
Description: Connected Devices Platform Service teenus lõpetati järgmise tõrkega:
%%2147500037 = Unspecified error


Error: (03/01/2017 09:46:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2017 09:46:08 PM) (Source: Service Control Manager) (User: )
Description: Teenuse MBAMService käivitamine nurjus järgmise tõrke tõttu:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (03/01/2017 09:46:08 PM) (Source: Service Control Manager) (User: )
Description: Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) MBAMService.

Error: (03/01/2017 09:45:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2017 09:45:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2017 09:45:37 PM) (Source: Service Control Manager) (User: )
Description: Teenuse EMT Internet. RunOuc käivitamine nurjus järgmise tõrke tõttu:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (03/01/2017 09:45:37 PM) (Source: Service Control Manager) (User: )
Description: Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. RunOuc.

Error: (03/01/2017 09:45:37 PM) (Source: Service Control Manager) (User: )
Description: Teenus NetTcpActivator sõltub teenusest NetTcpPortSharing, mille käivitamine nurjus järgmise tõrke tõttu.
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (03/01/2017 04:26:37 PM) (Source: Service Control Manager) (User: )
Description: Connected Devices Platform Service teenus lõpetati järgmise tõrkega:
%%2147500037 = Unspecified error



Microsoft Office Sessions:
=========================
Error: (03/01/2017 09:51:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Diana-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023673

Error: (03/01/2017 09:48:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Diana-PC)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2147009284

Error: (03/01/2017 09:48:16 PM) (Source: Application Error)(User: )
Description: Creative Cloud.exe3.3.0.15155fab2faContainerUI.dll3.3.0.15155fab383c000000500016870190801d292c4abc29a33C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\ContainerUI.dlld72ff3e4-90f6-43b3-8b12-faf1b6926e3a

Error: (03/01/2017 04:25:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Diana-PC)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2147009284

Error: (03/01/2017 04:52:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Diana-PC)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2144927142

Error: (03/01/2017 03:54:10 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Diana-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927142

Error: (03/01/2017 03:29:45 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Diana-PC)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2144927142

Error: (03/01/2017 01:25:29 AM) (Source: Application Hang)(User: )
Description: TS4.exe1.25.136.102025dc01d29219b53176830D:\Games\The Sims 4\Game\Bin\TS4.exe1eb51d26-fe0d-11e6-b9ee-485b3924ba5d

Error: (03/01/2017 01:22:33 AM) (Source: Application Hang)(User: )
Description: UCBrowser.exe6.0.1471.9141edc01d292196dcdde1c4294967295C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exec60edc23-fe0c-11e6-b9ee-485b3924ba5d

Error: (03/01/2017 01:19:52 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifestd:\rakendused ja programmid\SoftonicDownloader_for_allplayer.exe


CodeIntegrity Errors:
===================================
  Date: 2017-03-01 04:28:50.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-01 04:28:50.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Apowersoft Online Launcher version 1.4.6 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.6 - APOWERSOFT LIMITED)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.40.1319 - eCareme Technologies, Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Awakening 6 - The Redleaf Forest Collector's Edition (HKLM-x32\...\Awakening 6 - The Redleaf Forest Collector's EditionFinal) (Version: Final - Game-Owl.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Choice Guard (HKLM-x32\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Chrome Token Signing (HKLM-x32\...\{74809CC7-503C-41A7-BC6E-F3A187A61D13}) (Version: 1.0.3.413 - RIA) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3509a - CyberLink Corp.)
DigiDoc3 Client (HKLM-x32\...\{C2893A8E-0D1F-4C77-98C4-E8636D7EB266}) (Version: 3.12.3.1466 - RIA) Hidden
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
eID software (HKLM-x32\...\{dcd7f5af-d4bf-400f-93fa-30c76c4f6946}) (Version: 3.12.5.1672 - RIA)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
EMT Internet (HKLM-x32\...\EMT Internet) (Version: 23.009.05.03.337 - Huawei Technologies Co.,Ltd)
EstEID Minidriver (HKLM\...\{E390AECE-5998-493A-B072-E16843270424}) (Version: 3.11.0.1175 - RIA) Hidden
EstEID Shell Extension (HKLM\...\{61B63D97-89FB-43DE-82F6-7E08D0077194}) (Version: 3.12.3.1466 - RIA) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Firefox PKCS11 Loader (HKLM\...\{F59F352C-BDD1-42F2-B64A-0027CB767EA1}) (Version: 3.12.0.1068 - RIA) Hidden
Firefox Token Signing Plugin (HKLM-x32\...\{3B8EE8D3-053D-4CCE-BEEC-FD4D0C49242B}) (Version: 3.12.0.1143 - RIA) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software)
Free Video To GIF Maker (HKLM-x32\...\{2C1D31DC-AB15-4D7D-9B2A-4C3001B62805}) (Version: 1.0.0 - Media Freeware)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Haunted Hotel - Death Sentence CE 1.0 (HKLM-x32\...\Haunted Hotel - Death Sentence CE 1.0) (Version: 1.0 - Čćšū ķą Cat-A-Cat.NET)
Hidden Expedition 8. Smithsonian Castle CE 1.0 (HKLM-x32\...\Hidden Expedition 8. Smithsonian Castle CE 1.0) (Version: 1.0 - Eipix Entertainment)
ID-card utility (HKLM-x32\...\{ACCA114D-4D00-4AA6-ADE6-8A9736D56EC6}) (Version: 3.12.4.1226 - RIA) Hidden
IE Token Signing Plugin (HKLM\...\{E38F6D3C-D756-4D0C-B70C-611A8484B6D0}) (Version: 3.12.0.980 - RIA) Hidden
Instagiffer version 1.56 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.56 - Justin Todd)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2021 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Machinarium (HKLM-x32\...\Machinarium) (Version: 11.10.09 - Amanita Design, s.r.o.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Midnight Mysteries 6 -  Ghostwriting Collector's Edition (HKLM-x32\...\Midnight Mysteries 6 -  Ghostwriting Collector's EditionFinal) (Version: Final - Game-Owl.com)
MKV Player 2.1.23 (HKLM-x32\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 51.0.1 (x86 et) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 et)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield)
Open-EID Metapackage (HKLM-x32\...\{2F6D724C-9BC0-494A-8C48-4FA5D91C67AE}) (Version: 3.12.5.1672 - RIA) Hidden
Open-EID Uninstaller (HKLM-x32\...\{78423803-1F1E-434C-93F3-74E779FB15BF}) (Version: 3.12.5.1672 - RIA) Hidden
Open-EID Updater (HKLM-x32\...\{85FC92B6-BD24-44BA-BD3A-BE4A2998EA12}) (Version: 3.12.0.1007 - RIA) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Pazera Free Audio Extractor 2.2 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 2.2 - Jacek Pazera)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Piggly (Christmas Edition) demo v1.00 (HKLM-x32\...\Piggly (Christmas Edition) demo_is1) (Version:  - InterAction studios)
Piggly Christmas Edition (HKLM-x32\...\Piggly Christmas Edition_is1) (Version:  - )
Piggly FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}) (Version:  - Oberon Media)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
RelevantKnowledge (HKLM-x32\...\{d08d9f98-1c78-4704-87e6-368b0023d831}) (Version: 1.3.336.321 - TMRG,  Inc.)
RipTiger 4.5.4 (HKLM-x32\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.4 - cyan soft ltd)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
SnapDo (HKLM-x32\...\{C6E68DE9-AD1F-4059-8E98-42F22D091ECF}) (Version: 1.0.0.0 - Resoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SoundTaxi Media Suite 4.5.4 (HKLM-x32\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.5.4 - cyan soft ltd)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.00 - NCH Software)
The Sims 4 version final (HKLM-x32\...\The Sims 4_is1) (Version: final - Anonymous)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Video Download Capture V6.1.9 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.1.9 - APOWERSOFT LIMITED)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.58 - NCH Software)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8EE1E742-A4F1-40AD-B065-CB9220C9A8CC}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live'i sisselogimisabimees (HKLM-x32\...\{244BCCFD-5D56-487F-8910-4AE5D6E8EDF9}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live'i üleslaadimistööriist (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Visual Web Ripper (HKLM-x32\...\{9F691A52-90AC-4223-AB9B-615F22214DB3}_is1) (Version: 2 - Sequentum Pty Ltd)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.148 - Company Inc.)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 4061.08 MB
Available physical RAM: 2041.34 MB
Total Virtual: 8157.08 MB
Available Virtual: 5750.13 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:116 GB) (Free:62.67 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:121.46 GB) NTFS
5 Drive i: (EMT Internet) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\DIANA-PC

Administrator            DefaultAccount           Diana                    
Guest                    

========================= Restore Points ==================================


**** End of log ****



#6 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 01 March 2017 - 05:29 PM

Malwarebytes results:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/17
Scan Time: 10:19 PM
Logfile: mal.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1395
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445982
Time Elapsed: 1 hr, 43 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 3
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\MWESHIELD.EXE, Quarantined, [642], [308998],1.0.1395
PUP.Optional.RelevantKnowledge, C:\PROGRAM FILES (X86)\RELEVANTKNOWLEDGE\RLSERVICE.EXE, Quarantined, [1474], [296186],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\MWESHIELDUP.EXE, Quarantined, [642], [308998],1.0.1395

Module: 6
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\MWESHIELD.EXE, Quarantined, [642], [308998],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\SSLEAY32.DLL, Quarantined, [642], [308997],1.0.1395
PUP.Optional.RelevantKnowledge, C:\PROGRAM FILES (X86)\RELEVANTKNOWLEDGE\RLSERVICE.EXE, Quarantined, [1474], [296186],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\MWESHIELDUP.EXE, Quarantined, [642], [308998],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\LIBEAY32.DLL, Quarantined, [642], [308997],1.0.1395
Adware.Kuaiba, C:\PROGRAM FILES\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\KZIPSHELL.DLL, Quarantined, [84], [360271],1.0.1395

Registry Key: 339
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mweshield, Delete-on-Reboot, [642], [308998],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge, Delete-on-Reboot, [1474], [296186],1.0.1395
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mweshieldup, Delete-on-Reboot, [642], [308998],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.PropertyExt, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.PropertyExt.1, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}, Delete-on-Reboot, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\InprocServer32, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.DragDropMenu, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.DragDropMenu.1, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\InprocServer32, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.ContextMenuExt, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.ContextMenuExt.1, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\InprocServer32, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.KzShlobj, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.KzShlobj.1, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\InprocServer32, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.KYDropHandler, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\QZipShell.KYDropHandler.1, Quarantined, [84], [360271],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\InprocServer32, Quarantined, [84], [360271],1.0.1395
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwescontroller, Quarantined, [642], [326162],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\INTERFACE\{B28F9114-243E-4046-B173-11825352D18A}, Quarantined, [8569], [169992],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B28F9114-243E-4046-B173-11825352D18A}, Quarantined, [8569], [169992],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B28F9114-243E-4046-B173-11825352D18A}, Quarantined, [8569], [169992],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\TYPELIB\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}, Quarantined, [8569], [169992],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}, Quarantined, [8569], [169992],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}, Quarantined, [8569], [169992],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Quarantined, [1412], [346210],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Quarantined, [8569], [169993],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Quarantined, [8569], [169993],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Quarantined, [8569], [169993],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\TYPELIB\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Quarantined, [8569], [169993],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Quarantined, [8569], [169993],1.0.1395
PUP.Optional.ContentDefender, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Quarantined, [8569], [169993],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\IESearchPlugin.MailRuBHO, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\IESearchPlugin.MailRuBHO.1, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32, Quarantined, [25], [351113],1.0.1395
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [25], [351113],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Delete-on-Reboot, [96], [259987],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.001, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.002, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.003, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.004, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.005, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.006, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.007, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.008, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.009, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.010, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.011, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.012, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.013, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.014, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.015, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.016, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.017, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.018, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.019, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.020, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.021, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.022, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.023, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.024, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.025, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.026, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.027, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.028, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.029, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.030, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.031, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.032, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.033, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.034, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.035, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.036, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.037, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.038, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.039, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.040, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.041, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.042, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.043, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.044, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.045, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.046, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.047, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.048, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.049, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.050, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.051, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.052, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.053, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.054, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.055, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.056, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.057, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.058, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.059, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.060, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.061, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.062, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.063, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.064, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.065, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.066, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.067, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.068, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.069, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.070, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.071, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.072, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.073, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.074, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.075, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.076, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.077, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.078, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.079, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.080, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.081, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.082, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.083, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.084, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.085, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.086, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.087, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.088, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.089, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.090, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.091, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.092, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.093, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.094, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.095, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.096, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.097, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.098, Delete-on-Reboot, [84], [374779],1.0.1395
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.099, Delete-on-Reboot, [84], [374779],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROLEAVES\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, Delete-on-Reboot, [695], [339688],1.0.1395
PUP.Optional.Kuaizip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuaiZipDrive, Delete-on-Reboot, [1412], [329545],1.0.1395
PUP.Optional.InstallCore, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\csastats, Delete-on-Reboot, [8], [260986],1.0.1395
PUP.Optional.Kuaizip, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\KuaiZip, Delete-on-Reboot, [1412], [348603],1.0.1395
PUP.Optional.Kuaizip, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\KuaiZipSFX, Delete-on-Reboot, [1412], [348613],1.0.1395
Adware.Elex, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\Maoha, Delete-on-Reboot, [305], [358176],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.001, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.002, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.003, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.004, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.005, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.006, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.007, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.008, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.009, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.01, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.010, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.011, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.012, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.013, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.014, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.015, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.016, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.017, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.018, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.019, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.02, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.020, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.021, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.022, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.023, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.024, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.025, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.026, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.027, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.028, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.029, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.03, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.030, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.031, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.032, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.033, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.034, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.035, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.036, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.037, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.038, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.039, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.04, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.040, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.041, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.042, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.043, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.044, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.045, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.046, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.047, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.048, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.049, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.05, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.050, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.051, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.052, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.053, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.054, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.055, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.056, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.057, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.058, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.059, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.06, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.060, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.061, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.062, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.063, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.064, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.065, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.066, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.067, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.068, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.069, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.07, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.070, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.071, Quarantined, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.072, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.073, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.074, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.075, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.076, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.077, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.078, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.079, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.08, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.080, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.081, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.082, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.083, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.084, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.085, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.086, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.087, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.088, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.089, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.09, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.090, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.091, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.092, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.093, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.094, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.095, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.096, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.097, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.098, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.099, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.7z, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.arj, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.bz2, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.cab, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.gz, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.gzip, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.jar, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.kz, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.lzh, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.mou, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.rar, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.rpm, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.tar, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.tbz, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.tgz, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.wim, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.z, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip.zip, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.ape, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.bin, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.ccd, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.cue, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application Installer, Delete-on-Reboot, [695], [333868],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.flac, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Traffic Exchange, Delete-on-Reboot, [695], [333881],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.iso, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Delete-on-Reboot, [96], [259989],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.isz, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.mdf, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.mds, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.nrg, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.vcd, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount.wv, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuaizipUpdateChecker, Delete-on-Reboot, [1412], [329539],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZipMount_FileAsso.Origin, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\KuaiZip_FileAsso.Origin, Delete-on-Reboot, [1412], [358174],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KuaiZip_Update, Delete-on-Reboot, [1412], [329556],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange Guard, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange Guardian, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange Updater, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v2 - 1, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v2 - 2, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v2 - 3, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v209 - 1, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v209 - 2, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v209 - 3, Delete-on-Reboot, [695], [333862],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{00C88B00-C292-4DC2-A247-0C54D6BFA949}, Quarantined, [1412], [329550],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{13B29DEB-6790-4417-9762-0D9A1922FC5E}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D7E0F7B-9CB4-4B29-BB81-2B085354D05A}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6D3CEC44-79A9-49F6-BE83-CD9788B34D65}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6EF2E822-9CF4-4127-8D59-4481DC112A26}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7ECA7CD9-CE70-4B51-87F6-AA1AAB493716}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{858BCBC0-C4A7-4067-9633-7795DD4BDD70}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8CE6EB48-E46C-496B-8BBF-82D710A02F56}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A0D4E19F-0E3F-4D37-A173-6F68CAF81153}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A27353A0-EEF2-4602-82A7-9A27A5CDCCBB}, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B8259814-353D-4050-B68F-B223EC16E09B}, Quarantined, [695], [333861],1.0.1395
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\Maoha, Quarantined, [305], [358177],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\rlvknlg_RASAPI32, Quarantined, [1474], [184776],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\rlvknlg_RASMANCS, Quarantined, [1474], [184776],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}, Quarantined, [1474], [212281],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, Quarantined, [695], [335317],1.0.1395
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C6E68DE9-AD1F-4059-8E98-42F22D091ECF}, Quarantined, [399], [259072],1.0.1395
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [96], [259928],1.0.1395
PUP.Optional.ProductSetup, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [17441], [242047],1.0.1395

Registry Value: 32
PUP.Optional.Elex.ClnShrt, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\ENVIRONMENT|SNF, Quarantined, [1642], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Delete-on-Reboot, [96], [259987],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{6E95BB59-5820-4BB3-8D6A-9798E9917228}, Delete-on-Reboot, [1474], [257573],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{597F7872-29CE-44CE-AEF5-CAAFD4E6D38B}, Delete-on-Reboot, [1474], [257573],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{27D51E1B-07AC-4117-A366-F5E086561876}, Delete-on-Reboot, [1474], [257573],1.0.1395
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{FD3858FE-BE9B-4158-8CD0-9F5F44E43B2D}, Delete-on-Reboot, [1474], [257573],1.0.1395
PUP.Optional.Linkury, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Delete-on-Reboot, [399], [259313],1.0.1395
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Delete-on-Reboot, [96], [259989],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Delete-on-Reboot, [96], [259988],1.0.1395
PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{00C88B00-C292-4DC2-A247-0C54D6BFA949}|PATH, Quarantined, [1412], [329550],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{13B29DEB-6790-4417-9762-0D9A1922FC5E}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D7E0F7B-9CB4-4B29-BB81-2B085354D05A}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6D3CEC44-79A9-49F6-BE83-CD9788B34D65}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6EF2E822-9CF4-4127-8D59-4481DC112A26}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7ECA7CD9-CE70-4B51-87F6-AA1AAB493716}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{858BCBC0-C4A7-4067-9633-7795DD4BDD70}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8CE6EB48-E46C-496B-8BBF-82D710A02F56}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A0D4E19F-0E3F-4D37-A173-6F68CAF81153}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A27353A0-EEF2-4602-82A7-9A27A5CDCCBB}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B8259814-353D-4050-B68F-B223EC16E09B}|PATH, Quarantined, [695], [333861],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|CONTACT, Quarantined, [695], [333851],1.0.1395
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|URLINFOABOUT, Quarantined, [695], [335317],1.0.1395
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C6E68DE9-AD1F-4059-8E98-42F22D091ECF}|DISPLAYNAME, Quarantined, [399], [259072],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\ENVIRONMENT|SNP, Quarantined, [96], [259518],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\ENVIRONMENT|SNF, Quarantined, [96], [259517],1.0.1395
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Delete-on-Reboot, [399], [259314],1.0.1395
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mweshield|IMAGEPATH, Delete-on-Reboot, [642], [326218],1.0.1395
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mweshieldup|IMAGEPATH, Delete-on-Reboot, [642], [326218],1.0.1395
Hijack.ShellA.Gen, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, Delete-on-Reboot, [15441], [187664],1.0.1395
PUP.Optional.ProductSetup, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [17441], [242047],1.0.1395

Registry Data: 5
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [96], [293485],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [96], [293485],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [96], [293485],1.0.1395
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [96], [293486],1.0.1395
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [399], [293477],1.0.1395

Data Stream: 0
(No malicious items detected)

Folder: 110
PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Traffic Exchange\updates, Delete-on-Reboot, [695], [335288],1.0.1395
PUP.Optional.OnlineIO, C:\PROGRAMDATA\Microleaves\Traffic Exchange, Delete-on-Reboot, [695], [335288],1.0.1395
PUP.Optional.Linkury, C:\PROGRAMDATA\NetworkPacketManitor, Delete-on-Reboot, [399], [331423],1.0.1395
PUP.Optional.Kuaizip, C:\USERS\DIANA\APPDATA\ROAMING\KuaiZip, Quarantined, [1412], [358169],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\cert\SSL, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\cert, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\My Web Shield, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MarketScore, C:\PROGRAM FILES (X86)\RelevantKnowledge, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\USERS\DIANA\APPDATA\LOCAL\kemgadeojglibflomicgnfeopkdfflnk, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.MarketScore, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\RELEVANTKNOWLEDGE, Quarantined, [12839], [171863],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\USERS\DIANA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\fnhfdmnphmbbjbgppnpcddkefmeokfho, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults\preferences, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\USERS\DIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS1C6122.DEFAULT-1487412031373\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.Linkury, C:\WINDOWS\TEMP\SMARTBAR, Delete-on-Reboot, [399], [259312],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\lang, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\lang, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\sfx, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\data, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\skin, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\ali, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\PROGRAM FILES\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\TRAFFIC EXCHANGE, Quarantined, [695], [373825],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\es_419, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\en_US, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\zh_CN, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pt_PT, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\en_GB, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pt_BR, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\zh_TW, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fil, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\am, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ar, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\be, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\bg, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\bn, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ca, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\cs, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\da, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\de, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\el, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\en, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\es, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\et, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fa, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fi, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fr, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\gu, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\he, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\hr, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\hu, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\id, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\it, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ja, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\kn, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ko, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\lt, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\lv, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\mk, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ml, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\mr, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ms, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\nl, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\no, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pl, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pt, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ro, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ru, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sk, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sl, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sq, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sr, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sv, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sw, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ta, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\te, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\th, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\tr, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\uk, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\vi, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\hi, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\icons, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\files, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\skin, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{E3605470-291B-44EB-8648-745EE356599A}, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.BundleInstaller, C:\USERS\DIANA\APPDATA\LOCAL\TEMP\11911093, Quarantined, [39], [341983],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\GOLDENTRAX, Delete-on-Reboot, [96], [302558],1.0.1395

File: 289
PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Traffic Exchange\updates\mupdates.aiu, Delete-on-Reboot, [695], [335288],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\MWESHIELD.EXE, Delete-on-Reboot, [642], [308998],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\SSLEAY32.DLL, Delete-on-Reboot, [642], [308997],1.0.1395
PUP.Optional.RelevantKnowledge, C:\PROGRAM FILES (X86)\RELEVANTKNOWLEDGE\RLSERVICE.EXE, Delete-on-Reboot, [1474], [296186],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\MWESHIELDUP.EXE, Delete-on-Reboot, [642], [308998],1.0.1395
PUP.Optional.MyWebShield, C:\PROGRAM FILES\MY WEB SHIELD\LIBEAY32.DLL, Delete-on-Reboot, [642], [308997],1.0.1395
PUP.Optional.Linkury, C:\ProgramData\NetworkPacketManitor\Config.xml, Delete-on-Reboot, [399], [331423],1.0.1395
PUP.Optional.Linkury, C:\ProgramData\NetworkPacketManitor\Nettrans.exe.config, Delete-on-Reboot, [399], [331423],1.0.1395
Adware.Kuaiba, C:\PROGRAM FILES\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\KZIPSHELL.DLL, Delete-on-Reboot, [84], [360271],1.0.1395
PUP.Optional.Kuaizip, C:\Users\Diana\AppData\Roaming\KuaiZip\report_config.txt, Quarantined, [1412], [358169],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\cert\SSL\cert.db, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\cert\SSL\My Web Shield 2.cer, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\cert\SSL\xtls.db, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\certutil.exe, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\mozcrt19.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\nspr4.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\nss3.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\plc4.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\plds4.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\smime3.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\nss\softokn3.dll, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\mwescontroller.sys, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\mwesmanager.exe, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\mwessweeper.exe, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MyWebShield, C:\Program Files\My Web Shield\My Web Shield.zip, Quarantined, [642], [308997],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\ncncf.dat, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\readme.txt, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlls.dll, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlls64.dll, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rloci.bin, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe, Quarantined, [12839], [171225],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\close_white.png, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\content_script - \u00c3\u00b8\u00c2\u00b1\u00c2\u00b1\u00c2\u00be.js, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\content_script.js, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\icon.png, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\jquery-1.8.3.min.js, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\jquery.js, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\manifest.json, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\popup.html, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.Elex.ClnShrt, C:\Users\Diana\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\popup.js, Quarantined, [1642], [328066],1.0.1395
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk, Quarantined, [12839], [171863],1.0.1395
PUP.Optional.MyWebShield, C:\WINDOWS\SYSTEM32\DRIVERS\MWESCONTROLLER.SYS, Quarantined, [642], [326162],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.eot, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.ttf, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.woff, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\fonts.css, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\jquery-ui.css, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\site.css, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\weather.css, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\128x128.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\16x16.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\19x19.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\38x38.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\favicon.ico, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\pop.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\ic_refresh_black_24dp_2x.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\ic_search_black_24dp_2x.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\logo.png, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\m1-min.jpg, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\bootstrap.min.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery-ui.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery.min.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery.simpleWeather.min.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\list.min.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\weather.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\background.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\site.js, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata\computed_hashes.json, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata\verified_contents.json, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\main.html, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.SplinterSearch, C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\manifest.json, Quarantined, [3232], [360481],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\agree_continue.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\bodybg.jpg, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\context-icon.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\dont_help.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\icon32.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\icon48.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\logo.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\logo_settings.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\mrwips.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\question_mark.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\question_mark14.png, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\authentication.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSite.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSite.jsm, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteAdvanced.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteEditWebsite.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteOverlay.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteOverlay.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSitePrefs.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSitePrefs.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteSetWebsite.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\config.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\config_special.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\convert2RegExp.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\hex_sha256.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\md5.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\SetWebsiteBlack.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\SetWebsiteWhite.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.css, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.html, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\tooltip.css, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\translate.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\Usage.xul, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\wips.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\wipstats.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\BlockSite.dtd, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\BlockSite.properties, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\contents.rdf, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\BlockSite.dtd, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\BlockSite.properties, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\contents.rdf, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults\preferences\prefs.js, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\manifest.mf, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\mozilla.rsa, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\mozilla.sf, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome.manifest, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.BlockSite, C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\install.rdf, Quarantined, [3131], [371154],1.0.1395
PUP.Optional.RussAd, C:\USERS\DIANA\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IESEARCHPLUGIN.DLL, Quarantined, [25], [351113],1.0.1395
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE.CONFIG, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64\SQLite.Interop.dll, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86\SQLite.Interop.dll, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\Config.json, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.dll, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.Linq.dll, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.xml, Quarantined, [4679], [183111],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\USERS\DIANA\APPDATA\ROAMING\CONFIG.XML, Quarantined, [96], [302553],1.0.1395
PUP.Optional.Linkury, C:\USERS\DIANA\APPDATA\ROAMING\MD.XML, Quarantined, [399], [258091],1.0.1395
PUP.Optional.Linkury.Generic, C:\USERS\DIANA\APPDATA\ROAMING\AGENT.DAT, Quarantined, [2394], [360491],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\USERS\DIANA\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Quarantined, [96], [302554],1.0.1395
PUP.Optional.Linkury, C:\USERS\DIANA\APPDATA\ROAMING\UNINSTALL_TEMP.ICO, Quarantined, [399], [258093],1.0.1395
PUP.Optional.Linkury.Gen, C:\USERS\DIANA\APPDATA\ROAMING\ECOSTRING.TST, Quarantined, [20012], [261636],1.0.1395
PUP.Optional.Linkury, C:\USERS\DIANA\APPDATA\ROAMING\NOAH.DAT, Quarantined, [399], [258092],1.0.1395
PUP.Optional.RelevantKnowledge, C:\WINDOWS\SYSTEM32\RLLS64.DLL, Delete-on-Reboot, [1474], [296186],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, Delete-on-Reboot, [96], [259512],1.0.1395
PUP.Optional.RelevantKnowledge, C:\WINDOWS\SYSWOW64\RLLS.DLL, Quarantined, [1474], [296186],1.0.1395
PUP.Optional.Kuaizip, C:\USERS\DIANA\APPDATA\LOCAL\TEMP\KZ7ZDATA.7Z, Quarantined, [1412], [353144],1.0.1395
PUP.Optional.OnlineIO, C:\USERS\DIANA\APPDATA\LOCAL\TEMP\11911093\IC-0.9B203BE8DE277.EXE, Delete-on-Reboot, [695], [337831],1.0.1395
PUP.Optional.Sputnik, C:\USERS\DIANA\APPDATA\LOCAL\TEMP\FEAF2458-9509-429D-91C7-D9AA41707AB2\MAILRUHOMESEARCHVBM.EXE, Delete-on-Reboot, [3478], [352247],1.0.1395
PUP.Optional.Linkury, C:\WINDOWS\TEMP\SMARTBAR\KAYTIP.ICO, Delete-on-Reboot, [399], [259312],1.0.1395
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\LaRantip.ico, Delete-on-Reboot, [399], [259312],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE V2 - 3.JOB, Quarantined, [695], [333879],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE V2 - 2.JOB, Quarantined, [695], [333879],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE UPDATER.JOB, Quarantined, [695], [333879],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE V209 - 3.JOB, Quarantined, [695], [333879],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE V2 - 1.JOB, Delete-on-Reboot, [695], [333879],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE V209 - 1.JOB, Delete-on-Reboot, [695], [333879],1.0.1395
PUP.Optional.SnapDo, C:\USERS\DIANA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_search.snapdo.com_0.localstorage, Delete-on-Reboot, [3352], [184976],1.0.1395
PUP.Optional.SnapDo, C:\USERS\DIANA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_search.snapdo.com_0.localstorage-journal, Delete-on-Reboot, [3352], [184976],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\TRAFFIC EXCHANGE V209 - 2.JOB, Delete-on-Reboot, [695], [333879],1.0.1395
PUP.Optional.Kuaizip, C:\WINDOWS\SYSTEM32\DRIVERS\KuaiZipDrive.sys, Delete-on-Reboot, [1412], [329545],1.0.1395
PUP.Optional.Kuaizip, C:\PROGRAM FILES\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\KuaiZipDrive.sys, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\ali\jp.png, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\ali\kzshop.ico, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\data\slimdata.dat, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\skin\disopt.skn, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\lang\Chs_Lang.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\7z.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\KZFormat.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\KZModule.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\KZMount2.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\Mount.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\MountCore.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X64\SetupHelper.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\lang\Chs_Lang.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\sfx\kzSetup_chs.sfx, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\7z.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\DiskOpt.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\DuiLib.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\finderlib.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\KuaiZip.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\kuaizipUpdateChecker.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\KZFormat.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\KZModule.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\KZTui.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\Mount.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\MountCore.dll, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\SetupHelper.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\Uninst.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\X86\Update.exe, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\7zNew.dat, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\ErrorMsg.xml, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\KzNew.dat, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\readme.txt, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\SLDefault.xml, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\ZipNew.dat, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.Kuaizip, C:\Program Files\\u00c3\u00a6\u00c4\u00a3\u00c5\u00c2\u00b9\__-________.URL, Delete-on-Reboot, [1412], [342516],1.0.1395
PUP.Optional.MyRadioXP, C:\USERS\DIANA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_fnhfdmnphmbbjbgppnpcddkefmeokfho_0.localstorage, Quarantined, [3236], [360496],1.0.1395
PUP.Optional.MyRadioXP, C:\USERS\DIANA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_fnhfdmnphmbbjbgppnpcddkefmeokfho_0.localstorage-journal, Quarantined, [3236], [360496],1.0.1395
PUP.Optional.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\TRAFFIC EXCHANGE\Online-Guardian-v2.0.9.exe, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online.io EULA.url, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online.io Privacy.url, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.ini, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Uninstall Traffic Exchange.lnk, Quarantined, [695], [373825],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange Guard, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange Guardian, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange Updater, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange v2 - 1, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange v2 - 2, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange v2 - 3, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange v209 - 1, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange v209 - 2, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Traffic Exchange v209 - 3, Delete-on-Reboot, [695], [333869],1.0.1395
PUP.Optional.YTAdBlocker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{E3605470-291B-44EB-8648-745EE356599A}\INSTALL.RDF, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\files\background.js, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\files\foreground.js, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\files\main.css, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\icons\icon19.png, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\icons\icon48.png, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\icons\icon64.png, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\skin\arrow.png, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\skin\background.png, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\skin\bindings.css, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\skin\bindings.xml, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\skin\styles.css, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\hi\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\am\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ar\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\be\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\bg\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\bn\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ca\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\cs\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\da\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\de\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\el\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\en\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\en_GB\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\en_US\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\es\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\es_419\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\et\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fa\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fi\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fil\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\fr\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\gu\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\he\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\hr\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\hu\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\id\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\it\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ja\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\kn\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ko\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\lt\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\lv\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\mk\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ml\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\mr\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ms\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\nl\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\no\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pl\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pt\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pt_BR\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\pt_PT\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ro\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ru\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sk\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sl\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sq\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sr\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sv\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\sw\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\ta\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\te\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\th\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\tr\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\uk\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\vi\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\zh_CN\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\_locales\zh_TW\messages.json, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\background.html, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\background.xul, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome\Kernel.js, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\bootstrap.js, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.YTAdBlocker, C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}\chrome.manifest, Quarantined, [2276], [345509],1.0.1395
PUP.Optional.Kuaizip, C:\WINDOWS\SYSTEM32\TASKS\KuaiZip_Update, Quarantined, [1412], [329560],1.0.1395
PUP.Optional.BundleInstaller, C:\Users\Diana\AppData\Local\Temp\11911093\~The_Sims_4_Crack_CPYGAMES.COM.rar.exe, Quarantined, [39], [341983],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\GOLDENTRAX\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [96], [302558],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Goldentrax\uninstall.dat, Delete-on-Reboot, [96], [302558],1.0.1395
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Goldentrax\uninstall.ico, Delete-on-Reboot, [96], [302558],1.0.1395

Physical Sector: 0
(No malicious items detected)


(end)



#7 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 02 March 2017 - 09:43 AM

Malwarebytes Anti-Rootkit results:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.01.13
  rootkit: v2017.02.27.01

Windows 10 x64 NTFS
Internet Explorer 11.0.14393.0
Diana :: DIANA-PC [administrator]

2.03.2017 0:33:30
mbar-log-2017-03-02 (00-33-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 377068
Time elapsed: 1 hour(s), 42 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Diana\AppData\Roaming\taskmgr\taskmgr.exe (Trojan.Agent) -> Delete on reboot. [38a960642f7969cd8f1b5d63d72cd62a]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

And the log thing:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4258353152, free: 1535827968

Downloaded database version: v2017.03.01.13
Downloaded database version: v2017.02.27.01
Downloaded database version: v2017.02.15.02
Initializing...
======================
------------ Kernel report ------------
     03/02/2017 00:32:58
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStor.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\lullaby.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers:ucdrv-x64.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\WINDOWS\system32\drivers\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\athwnx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\L1E62x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\ATK64AMD.sys
\SystemRoot\System32\drivers\ew_jubusenum.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\VirtualAudio.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\ew_usbenumfilter.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\drivers\ew_juwwanecm.sys
\SystemRoot\System32\drivers\ew_juextctrl.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\Ndu.sys
\??\C:\WINDOWS\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\farflt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.01.13
  rootkit: v2017.02.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffc702e79fe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffc702e79feae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffc702e79fe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffc702e7d8fa80, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffc702e6a7a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 30714232
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30717952  Numsec = 243269632
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 273987584  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 274911232  Numsec = 701859840
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffc702e9140060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffc702e9140ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffc702e9140060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffc702e90aab10, DeviceName: \Device\0000004d\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Users\Diana\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\Users\Diana\AppData\Roaming\taskmgr\taskmgr.exe --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-30717952-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-273987584-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-274911232-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#8 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 02 March 2017 - 10:18 AM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/02/2017 04:46:27 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 6012) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * tunnel [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/02/2017 04:53:53 PM
Execution time: 0 hours(s), 7 minute(s), and 26 seconds(s)
 



#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:00 PM

Posted 02 March 2017 - 12:46 PM

MBAR discovered some issue but we're not allowed to run MBAR fixes in this forum, so...

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#10 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 02 March 2017 - 04:02 PM

Thanks, posted the thread here:

https://www.bleepingcomputer.com/forums/t/641226/im-really-badly-infected-where-do-i-start-my-clearing-pt2/



#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:00 PM

Posted 02 March 2017 - 05:39 PM

p22003888.gif


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 sinine

sinine
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 04 March 2017 - 02:20 PM

Thank you, Broni. Seems like I'm clean now. Can I delete/uninstall the things?



#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:00 PM

Posted 04 March 2017 - 07:49 PM

Yes.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users