Solved Laptop is running really slowly

So I have had my laptop for about 4 years, stopped using it for a while and now it has become incredibly slow. It takes it about a minute to open up Google Chrome and then ages to load up a webpage while the Internet is running fine on other devices. My fps in games has also significantly dropped. Here are my specs:
Model: F550LD-XO225H
Processor: Intel Core i7-4500U @1.8GHz
Physical Memory: 8Gb DDR3
Hard Drive: 1000Gb HDD
Optical Drive: DVD-Rw
Display: Nvidia GeForce GT 820M
Display Size: 15.4 Inches
Network: 802.11 b/g/n
Operating System: Windows 8.1 Home Edition
Windows Performance Index (if available): 5.5
Do you guys think I need to upgrade to like an SSD or something like that to fix the speed? Thanks in advance!
 
Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.

Please copy and paste the contents of these logs in your next post for review.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Henry (administrator) on HENRYS-PC (11-12-2016 13:33:08)
Running from C:\Users\Henry\Desktop
Loaded Profiles: UpdatusUser & Henry (Available Profiles: UpdatusUser & Henry)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: "C:\Program Files (x86)\Boobseed\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ExWzp Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\cktSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(evangel technology (hk) limited) C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
() C:\Program Files (x86)\WinSaber\WinSaber.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() C:\ProgramData\Boobseed\Boobseed.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Monold\protect\protect.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\UncheckitBsn.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(BitTorrent Inc.) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(BitTorrent Inc.) C:\Users\Henry\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henry\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henry\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusVibe\AsusVibe2.0.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Boobseed\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-21] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\...\Run: [uTorrent] => C:\Users\Henry\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe [2139840 2016-09-09] (BitTorrent Inc.)
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\...\MountPoints2: {4b316864-d25c-11e5-be75-d850e62170d6} - "F:\autorun.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5EA9927B-FEFB-444B-8996-E6706E1D16D9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A48A1144-E592-436D-A3AB-5043E4DF76E4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165863131-4061258348-4272814689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165863131-4061258348-4272814689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3165863131-4061258348-4272814689-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3165863131-4061258348-4272814689-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\wzxf6lld.default-1477887815478 [2016-10-30]
FF Extension: (Firefox Hotfix) - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\wzxf6lld.default-1477887815478\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-30]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zxsmw4me.default\extensions\arthurj8283@gmail.com => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3165863131-4061258348-4272814689-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-16] ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m"
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default [2016-10-30]
CHR Extension: (Google Slides) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
CHR Extension: (Google Docs) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-13]
CHR Extension: (Google Drive) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Adblock Plus) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (Google Search) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Google Sheets) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-30]
CHR Extension: (Hearthstone Linkifier) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfciolhdhbagnccplcficnahgleflam [2016-10-30]
CHR Extension: (Akatsuki Clouds) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgankgbmohecnigpfaimapoedpabiojf [2016-03-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-10-30]
CHR Extension: (Gmail) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 BoobseedP; C:\ProgramData\Boobseed\Boobseed.exe [450944 2016-08-02] ()
S2 BoobseedU; C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe [601984 2016-08-02] ()
R2 cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [274152 2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-21] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-21] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-21] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-22] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 Monold_protect; C:\ProgramData\Monold\protect\protect.exe [302976 2016-05-18] ()
S2 Monold_update; C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [487296 2016-05-18] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-02-16] ()
R2 UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [247528 2016-08-23] (evangel technology (hk) limited)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 winsaber; C:\Program Files (x86)\WinSaber\WinSaber.exe [443672 2016-08-01] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1254960 2016-08-23] (ExWzp Pvt Ltd.) [File not signed] <==== ATTENTION
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-05-28] (ASUS Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-21] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-21] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-21] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-14] (Disc Soft Ltd)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-18] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
U0 msahci; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 13:33 - 2016-12-11 13:33 - 00021562 _____ C:\Users\Henry\Desktop\FRST.txt
2016-12-11 13:33 - 2016-12-11 13:33 - 00000000 ____D C:\FRST
2016-12-11 13:32 - 2016-12-11 13:32 - 02420224 _____ (Farbar) C:\Users\Henry\Downloads\FRST64.exe
2016-12-11 13:32 - 2016-12-11 13:32 - 02420224 _____ (Farbar) C:\Users\Henry\Desktop\FRST64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 13:34 - 2016-02-13 11:13 - 00000000 ____D C:\Users\Henry\AppData\Roaming\uTorrent
2016-12-11 13:33 - 2013-10-17 23:31 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-12-11 13:33 - 2013-10-17 23:31 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-12-11 13:31 - 2016-02-28 12:11 - 00814794 _____ C:\Windows\system32\perfh00C.dat
2016-12-11 13:31 - 2016-02-28 12:11 - 00812718 _____ C:\Windows\system32\perfh00A.dat
2016-12-11 13:31 - 2016-02-28 12:11 - 00198636 _____ C:\Windows\system32\prfh0404.dat
2016-12-11 13:31 - 2016-02-28 12:11 - 00171302 _____ C:\Windows\system32\perfc00A.dat
2016-12-11 13:31 - 2016-02-28 12:11 - 00164032 _____ C:\Windows\system32\perfc00C.dat
2016-12-11 13:31 - 2016-02-28 12:11 - 00065482 _____ C:\Windows\system32\prfc0404.dat
2016-12-11 13:31 - 2012-07-26 00:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-11 13:31 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-12-11 13:31 - 2012-07-25 23:28 - 02969750 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-11 13:31 - 2012-07-25 21:37 - 00000000 ____D C:\Windows\Inf
2016-12-11 13:30 - 2016-05-21 00:24 - 00000000 ____D C:\Program Files (x86)\Monold
2016-12-11 13:30 - 2016-02-13 06:18 - 00000062 _____ C:\Users\Henry\AppData\Roaming\sp_data.sys
2016-12-11 13:28 - 2016-09-14 15:25 - 00000000 ____D C:\Users\Henry\AppData\LocalLow\uTorrent
2016-12-11 13:27 - 2016-04-15 16:26 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2016-02-13 06:18 - 2016-12-11 13:30 - 0000062 _____ () C:\Users\Henry\AppData\Roaming\sp_data.sys
2013-05-01 01:34 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 01:34 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 01:34 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Henry\AppData\Local\Temp\bitool.dll
C:\Users\Henry\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Henry\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Henry\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-03 02:01

==================== End of FRST.txt ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016

Ran by Henry (11-12-2016 13:34:35)
Running from C:\Users\Henry\Desktop
Windows 8 (X64) (2016-02-13 14:17:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3165863131-4061258348-4272814689-500 - Administrator - Disabled)
Guest (S-1-5-21-3165863131-4061258348-4272814689-501 - Limited - Disabled)
Henry (S-1-5-21-3165863131-4061258348-4272814689-1002 - Administrator - Enabled) => C:\Users\Henry
UpdatusUser (S-1-5-21-3165863131-4061258348-4272814689-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.0 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0029 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-GB)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA Graphics Driver 311.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Uncheckit (HKLM-x32\...\Uncheckit) (Version: 2.2.2 - EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.98 - Winzipper Pvt Ltd.) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
yessearches Uninstall (HKLM-x32\...\Uninstall dam) (Version: - ) <==== ATTENTION
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E56DF0-D70F-4CA1-95E1-CD6E0C4FE206} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== ATTENTION
Task: {0A06E085-4523-4EF3-AB9D-93A389A2E517} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-05-28] (AsusTek)
Task: {223B3F83-503E-4444-8201-7141D03C5A7F} - System32\Tasks\UncheckitUpdateTaskC => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
Task: {285D064D-96F0-4281-8029-DE576912A6A3} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {357A2A3B-D2C5-422E-9A23-391C36ACD61A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-15] (Google Inc.)
Task: {4950A0EC-0CFC-43C4-AD7B-2ACDBFCDE82D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {599755E9-4450-4CC6-85FB-9F53C3E82544} - System32\Tasks\BoobseedUpdateTaskMachineUA => C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe [2016-08-02] () <==== ATTENTION
Task: {6077B886-F97D-4BA1-834A-EBD18561DE5B} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {6EECAF16-8137-416B-B11C-4DE2A492FBDA} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {8B401A51-A87F-4754-AB4E-3DADD37DAC8F} - System32\Tasks\BoobseedUpdateTaskMachineCore => C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe [2016-08-02] () <==== ATTENTION
Task: {9F38C70F-107D-42B4-A80F-186DEB9E2F26} - System32\Tasks\MonoldBrowserUpdateCore => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [2016-05-18] () <==== ATTENTION
Task: {A095D84A-1076-4B13-94BF-7DD01AD88C34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-15] (Google Inc.)
Task: {A365A610-85FC-45D3-9EDA-3045E8B15C27} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {A81112D8-6B67-4A1B-B45B-ADD3FFCB32CF} - System32\Tasks\UncheckitUpdateTaskDB => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
Task: {C272A9E2-A4BD-4804-82C2-17739E54DFEC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-03-26] (ASUSTek Computer Inc.)
Task: {C992D46B-721A-4EF9-9B54-BE2560090865} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {D439BFAE-8DA9-433F-BAC0-118D1C126E17} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\Download\F7D3B1F7CB6A32C3CB90685798204DC4\Update\BrowserUpdate.exe [2016-03-16] (Tencent) <==== ATTENTION
Task: {DA073D38-6890-41BF-B946-EEDB7D0C7A16} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {DAF748EB-53B2-45B2-AC58-B35F6E246078} - System32\Tasks\MonoldCheckTask => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [2016-05-18] () <==== ATTENTION
Task: {DE9E8145-B642-4593-8E51-C9890743CCEC} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {E420165E-8663-4881-A774-283B7C18B28D} - System32\Tasks\MonoldBrowserUpdateUA => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [2016-05-18] () <==== ATTENTION
Task: {FC0ACBFD-ECFF-43AC-B6F1-2B297044E62D} - System32\Tasks\UncheckitTaskMN => C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Boobseed\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Henry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Boobseed\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Henry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Boobseed\Application\chrome.exe (Google Inc.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-18 22:10 - 2012-12-18 22:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2016-02-16 07:08 - 2016-02-16 07:08 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-08-02 21:42 - 2016-08-01 18:42 - 00443672 _____ () C:\Program Files (x86)\WinSaber\WinSaber.exe
2016-08-02 21:53 - 2016-08-02 00:07 - 00450944 _____ () C:\ProgramData\Boobseed\Boobseed.exe
2016-05-21 00:28 - 2016-05-18 23:13 - 00302976 _____ () C:\ProgramData\Monold\protect\protect.exe
2013-04-29 15:03 - 2013-04-29 15:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-05-21 00:31 - 2016-05-22 18:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-03-24 22:33 - 2015-12-29 21:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-03-24 22:33 - 2016-01-26 00:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2016-08-02 21:42 - 2016-07-04 22:54 - 00068432 _____ () C:\Program Files (x86)\Uncheckit\zlib1.dll
2013-10-17 23:14 - 2013-05-31 12:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-08-02 21:42 - 2016-05-25 02:28 - 00179200 _____ () C:\Program Files (x86)\Uncheckit\libpng.dll
2016-05-21 00:31 - 2016-05-22 18:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2016-08-02 21:53 - 2016-08-02 00:07 - 01763200 _____ () C:\Program Files (x86)\Boobseed\Application\libglesv2.dll
2016-08-02 21:53 - 2016-08-02 00:07 - 00085888 _____ () C:\Program Files (x86)\Boobseed\Application\libegl.dll
2013-04-27 09:24 - 2013-04-27 09:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2016-08-02 21:53 - 2016-05-23 23:28 - 17565848 _____ () C:\Program Files (x86)\Boobseed\Application\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2016-10-30 20:35 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0C2C45C0-6122-4D6E-B66D-D1A6A4ACD5DB}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4C85DDCB-8F3B-459E-8894-079FA992ABC1}] => LPort=2869
FirewallRules: [{037906A0-EA0B-4353-8B10-388C0254F270}] => LPort=1900
FirewallRules: [{12223DA3-0792-46D5-8D6A-36EFF3A47494}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F2B31906-DD6A-45A3-91FF-FE0E3A77208F}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6103B7E1-47E4-48DC-BEAC-BDE37CE9FC7C}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CEC9A049-11C5-4FDA-8454-772A28BA8270}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F90E16CD-A972-4220-898D-BB8C78DAD58A}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3A938B08-1D81-4522-A94F-36828FAF6055}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D69B37F7-32D3-4800-AFE9-476A0A2C7F0D}] => C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C612A31-87EC-4D90-B0B1-386C3DA19B99}] => C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AED34AD9-4287-4112-B55B-1D6C4DE55907}] => C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4B6E3C0F-B4B9-4183-ABBA-242BFE442108}] => C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C97BDE0-0E47-4EF9-A9F5-6DFDEA44D450}] => C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8568269E-A3C5-40D8-86EA-A0F15C705043}] => C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED3DBDF2-4AA4-4142-88AF-4385684A11AC}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{06F25CE0-5B82-4DE8-9E29-8843B950EB7F}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F8F36F10-5AE3-4B88-BA32-F6F6339DA4DE}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FCDF4CEB-EFCC-44F4-868F-D033D60C4527}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{933C102E-ED87-425A-88DB-6DF1091C475A}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{9EF04E6E-3BE2-48C9-B3F0-E54252175DB9}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{1CF057F9-632E-4332-AF6B-90D8AB3F2BE2}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C191E264-82CD-4DE3-AB00-ABD92A033DB3}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C8410933-9E15-40F7-8926-B97454FFF941}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{C322BB00-8540-40EE-B06F-A3AC26688E64}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{0FE769FB-4ED2-4548-B725-828C2DA041FB}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{0D6CF7A4-B1D6-4E10-AF9E-7B7A27B6AB2C}] => C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{FE1236F1-4E46-464B-A355-9590A5D9748D}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{A70B1952-6311-4B1A-AD85-97D9B0E877FF}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{35BA761B-0587-451D-9334-84913057E632}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{6EE1DFA7-66BF-4BBD-A379-2CA3C84B8C87}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FEECA456-4DC9-4A45-9C1F-88784ABCF930}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54657F99-2AC8-42CB-979D-93E5EB9E9DCE}] => C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe
FirewallRules: [{C4AE6192-584D-42E7-88D9-FEC8101C4CDD}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B7EB0D53-4FC4-45A4-91DD-30FFA4074741}] => C:\ProgramData\Monold\protect\protect.exe
FirewallRules: [{F804E634-D551-4471-A5A6-77A896D9EE2C}] => C:\Program Files (x86)\Monold\Monold\chrome.exe
FirewallRules: [{C8CC9D54-CEEB-44F0-B248-493D38F40F57}] => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe

==================== Restore Points =========================

19-08-2016 23:54:43 Scheduled Checkpoint
27-08-2016 02:01:07 Scheduled Checkpoint
03-09-2016 02:02:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2016 01:31:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrowserUpdate.exe, version: 9.3.6494.400, time stamp: 0x5697910d
Faulting module name: 798204DC4\Update\chrome_elf.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000135
Fault offset: 0x00078dd2
Faulting process id: 0x1a30
Faulting application start time: 0x01d253f5f0d91dc5
Faulting application path: C:\Program Files (x86)\QQBrowser\Update\Download\F7D3B1F7CB6A32C3CB90685798204DC4\Update\BrowserUpdate.exe
Faulting module path: 798204DC4\Update\chrome_elf.dll
Report Id: 3082334c-bfe9-11e6-be89-d850e62170d6
Faulting package full name:
Faulting package-relative application ID:

Error: (09/14/2016 03:24:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).


System errors:
=============
Error: (12/11/2016 01:31:44 PM) (Source: DCOM) (EventID: 10016) (User: HENRYS-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user Henrys-PC\Henry SID (S-1-5-21-3165863131-4061258348-4272814689-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 31%
Total physical RAM: 8075.48 MB
Available physical RAM: 5544.13 MB
Total Virtual: 9483.48 MB
Available Virtual: 6681.05 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:255.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS
Drive f: (Far Cry 3) (CDROM) (Total:1.94 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 568814A2)

Partition: GPT.

==================== End of Addition.txt ============================
 

I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate it if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

Clean up temp files and reduce startup load with CCleaner.

  • Download CCleaner from here.
  • After install, click Options.
  • Go to Monitoring.
  • Uncheck all Monitoring items.

  • Go to Advanced -- click Close program after cleaning.
  • Go to Settings -- click Run CCleaner when the computer starts.
  • Now that you have CCleaner installed and set up:
  • Open the program.
  • Go to Tools.
  • Go to Startup.
  • Now double-click each item to disable it.

  • You have a large number of items starting; you should only keep your antivirus enabled and disable the rest.
  • Then disable all items in your scheduled tasks as well.
  • Unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.

Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • Once the scan has completed, click the graph icon on the top right of the program's user interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.


ZHP Cleaner Scan.
We need you to run ZHPCleaner to get a log. Please go HERE to download it and save it to your desktop. Once downloaded, right-click the desktop icon and click "Run as administrator" from the menu. Accept the program's terms and conditions, then select "Scanner" from the main interface. It is safe to ignore any security warnings received when installing or running this software.

ZHPCleaner may close your browser, so do not be concerned. Scanning will begin and on completion may show a dialogue box as shown below; if so, simply close it.

The main interface will re-open, and this time click "Repair".

The main repair options dialogue box will open and any detected infections will be listed under the red tabs and be selected by default. Click "Repair" and ZHPCleaner will place the infections in Quarantine.

If ZHPCleaner asks to reboot, please allow it. Upon reboot if necessary, or even if not required, there will be a log file called ZHPCleaner.txt on your desktop.

Please copy and paste the contents of this file in your next post. :)
 
Sorry, it seems that ZHP cleaner is down today for some reason; let's skip that and use another tool. :)

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit OK.

Hit Next, making sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.
 
Zemana Scan: You posted the Wrong Log, deleted for you!


JRT Log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8 x64
Ran by Henry (Administrator) on Sun 11/12/2016 at 16:46:13.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\ProgramData\monold (Folder)
Successfully deleted: C:\Users\Henry\AppData\Local\monold (Folder)
Successfully deleted: C:\Program Files (x86)\monold (Folder)
Successfully deleted: C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DPCEVPY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3CV54K7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAKAWMD8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYFBZ3VH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DPCEVPY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3CV54K7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAKAWMD8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYFBZ3VH (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/12/2016 at 16:51:59.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Adware Cleaner Log.


# AdwCleaner v6.040 - Logfile created 11/12/2016 at 16:40:41
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-11.2 [Local]
# Operating System : Windows 8 (X64)
# Username : Henry - HENRYS-PC
# Running from : C:\Users\Henry\Downloads\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Elex-tech
[-] Folder deleted: C:\Program Files (x86)\ghokswa
[-] Folder deleted: C:\Program Files (x86)\SearchesToYesbnd
[-] Folder deleted: C:\Program Files (x86)\Winsere
[-] Folder deleted: C:\Program Files (x86)\WinTaske
[-] Folder deleted: C:\Program Files (x86)\QQBrowser
[-] Folder deleted: C:\Program Files (x86)\eAHPeNhIUJ
[#] Folder deleted on reboot: C:\Program Files (x86)\eahpenhiuj
[-] Folder deleted: C:\Program Files (x86)\WinArcher
[#] Folder deleted on reboot: C:\Program Files (x86)\winarcher
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eAHPeNhIUJ
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eahpenhiuj
[-] Folder deleted: C:\extensions
[-] Folder deleted: C:\Users\Public\Documents\dmp


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\Users\Public\Desktop\qksee.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: WinTaske
[-] Task deleted: Browser Updater Task(Core)
[-] Task deleted: UncheckitTaskMN
[-] Task deleted: UncheckitUpdateTaskC
[-] Task deleted: UncheckitUpdateTaskDB
[-] Task deleted: BoobseedUpdateTaskMachineUA
[-] Task deleted: BoobseedUpdateTaskMachineCore


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.z
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.bmp
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.gif
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.ico
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.jpg
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.png
[-] Key deleted: HKLM\SOFTWARE\Classes\qkseeViewer.tif
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.bmp
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.gif
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.ico
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.jpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.png
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.tif
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\.DEFAULT\Software\Elex-tech
[-] Key deleted: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Uncheckit
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Elex-tech
[#] Key deleted on reboot: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Key deleted on reboot: HKCU\Software\Uncheckit
[-] Key deleted: HKLM\SOFTWARE\Elex-tech
[-] Key deleted: HKLM\SOFTWARE\yessearchesSoftware
[-] Key deleted: HKLM\SOFTWARE\qksee
[-] Key deleted: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\Uncheckit
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\WinZiper
[-] Key deleted: HKLM\SOFTWARE\WinSaberSvc
[-] Key deleted: HKLM\SOFTWARE\WinArcher
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[-] Key deleted: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[#] Key deleted on reboot: [x64] HKCU\Software\Uncheckit
[-] Key deleted: [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] Key deleted on reboot: HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] Key deleted on reboot: HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Value deleted: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]


***** [ Web browsers ] *****

[-] [C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: daemon-tools-lite.en.softonic.com
[-] [C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: nice
[-] [C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.nicesearches.com?type=hp&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m
[-] [C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.nicesearches.com?type=hp&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9317 Bytes] - [11/12/2016 16:40:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [9909 Bytes] - [11/12/2016 16:31:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [8769 Bytes] - [11/12/2016 16:36:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9536 Bytes] ##########


Adware Removal Tool Log.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_12_11_16_54_37
OS: Windows 8 - x64 Bit
Account Name: Henry
Adware Definition: 12012016
Elapsed time: 07:33
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Temp\binsis142.xml

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Temp\binsischeck654.xml

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Bangkiss\User Data\Default\Local Storage\https_www.ourstartpage.com_0.localstorage

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Bangkiss\User Data\Default\Local Storage\https_www.ourstartpage.com_0.localstorage-journal

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Bangkiss\User Data\Default\Local Storage\http_www.nicesearches.com_0.localstorage

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Bangkiss\User Data\Default\Local Storage\http_www.nicesearches.com_0.localstorage-journal

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_airzip2.inspsearch.com_0.localstorage

[-] Deleted ->> File ->> C:\Users\Henry\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_airzip2.inspsearch.com_0.localstorage-journal

[-] Repaired ->> File ->> C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Web Data

[-] Repaired ->> File ->> C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Preferences

[-] Repaired ->> File ->> C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

[-] Repaired ->> File ->> C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Last Session

[-] Repaired ->> File ->> C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Last Tabs



 

Uninstall Useless Programs.

Remove the items below from your machine with Geek Uninstaller; use Force Mode if needed.

µTorrent (HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Uncheckit (HKLM-x32\...\Uncheckit) (Version: 2.2.2 - EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.98 - Winzipper Pvt Ltd.) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
yessearches Uninstall (HKLM-x32\...\Uninstall dam) (Version: - ) <==== ATTENTION

FRST Fix.


Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Here it is:


Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Henry (11-12-2016 17:40:59) Run:1
Running from C:\Users\Henry\Desktop
Loaded Profiles: UpdatusUser & Henry (Available Profiles: UpdatusUser & Henry)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\...\MountPoints2: {4b316864-d25c-11e5-be75-d850e62170d6} - "F:\autorun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165863131-4061258348-4272814689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165863131-4061258348-4272814689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3165863131-4061258348-4272814689-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3165863131-4061258348-4272814689-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3165863131-4061258348-4272814689-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-16] ()
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m"
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1465255371&from=d1e20606&uid=st1000lm024xhn-m101mbb_s2y4j9bd907249&z=9a504b42652b5304732c86ag3z5qew5g8t1e7w4z7m&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Extension: (AdBlock) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-10-30]
R2 BoobseedP; C:\ProgramData\Boobseed\Boobseed.exe [450944 2016-08-02] ()
S2 BoobseedU; C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe [601984 2016-08-02] ()
R2 cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [274152 2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED)
C:\Program Files (x86)\Uncheckit
C:\Program Files (x86)\Boobseed
C:\ProgramData\Boobseed
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-22] (Elex do Brasil Participações Ltda)
R2 UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [247528 2016-08-23] (evangel technology (hk) limited)
R2 winsaber; C:\Program Files (x86)\WinSaber\WinSaber.exe [443672 2016-08-01] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1254960 2016-08-23] (ExWzp Pvt Ltd.) [File not signed] <==== ATTENTION
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
C:\Program Files (x86)\WinZipper
C:\Program Files\McAfee
C:\Program Files (x86)\Monold
C:\Program Files (x86)\WinSaber
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-18] (Elex do Brasil Participações Ltda)
C:\Program Files (x86)\Elex-tech
C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
U0 msahci; no ImagePath
C:\Users\Henry\AppData\Roaming\uTorrent
2016-02-13 06:18 - 2016-12-11 13:30 - 0000062 _____ () C:\Users\Henry\AppData\Roaming\sp_data.sys
2013-05-01 01:34 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 01:34 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 01:34 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Task: {06E56DF0-D70F-4CA1-95E1-CD6E0C4FE206} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== ATTENTION
C:\Program Files (x86)\WinTaske
Task: {223B3F83-503E-4444-8201-7141D03C5A7F} - System32\Tasks\UncheckitUpdateTaskC => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
Task: {599755E9-4450-4CC6-85FB-9F53C3E82544} - System32\Tasks\BoobseedUpdateTaskMachineUA => C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe [2016-08-02] () <==== ATTENTION
Task: {8B401A51-A87F-4754-AB4E-3DADD37DAC8F} - System32\Tasks\BoobseedUpdateTaskMachineCore => C:\Program Files (x86)\Boobseed\Update\BoobseedUpdate.exe [2016-08-02] () <==== ATTENTION
Task: {9F38C70F-107D-42B4-A80F-186DEB9E2F26} - System32\Tasks\MonoldBrowserUpdateCore => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [2016-05-18] () <==== ATTENTION
Task: {A81112D8-6B67-4A1B-B45B-ADD3FFCB32CF} - System32\Tasks\UncheckitUpdateTaskDB => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
Task: {D439BFAE-8DA9-433F-BAC0-118D1C126E17} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\Download\F7D3B1F7CB6A32C3CB90685798204DC4\Update\BrowserUpdate.exe [2016-03-16] (Tencent) <==== ATTENTION
C:\Program Files (x86)\QQBrowser
Task: {DAF748EB-53B2-45B2-AC58-B35F6E246078} - System32\Tasks\MonoldCheckTask => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [2016-05-18] () <==== ATTENTION
Task: {E420165E-8663-4881-A774-283B7C18B28D} - System32\Tasks\MonoldBrowserUpdateUA => C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe [2016-05-18] () <==== ATTENTION
Task: {FC0ACBFD-ECFF-43AC-B6F1-2B297044E62D} - System32\Tasks\UncheckitTaskMN => C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-08-23] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ATTENTION
Shortcut: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Boobseed\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Henry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Boobseed\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Henry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Boobseed\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\WinSaber\WinSaber.exe
C:\ProgramData\Boobseed\Boobseed.exe
C:\ProgramData\Monold\protect\protect.exe
C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
C:\Program Files (x86)\WinZipper\zlib1.dll
C:\Program Files (x86)\Uncheckit\libpng.dll
C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
C:\Program Files (x86)\Boobseed\Application\libglesv2.dll
C:\Program Files (x86)\Boobseed\Application\libegl.dll
C:\Program Files (x86)\Boobseed\Application\PepperFlash\pepflashplayer.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
reboot:
end



*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b316864-d25c-11e5-be75-d850e62170d6}" => key removed successfully
HKCR\CLSID\{4b316864-d25c-11e5-be75-d850e62170d6} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => key removed successfully
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => moved successfully
"HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => moved successfully
Chrome HomePage => not found.
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => moved successfully
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj => moved successfully
BoobseedP => service not found.
BoobseedU => service not found.
cktSvc => service not found.
"C:\Program Files (x86)\Uncheckit" => not found.
"C:\Program Files (x86)\Boobseed" => not found.
"C:\ProgramData\Boobseed" => not found.
iSafeService => service not found.
UncheckitSvc => service not found.
winsaber => service not found.
winzipersvc => service not found.
McAPExe => service removed successfully
"C:\Program Files (x86)\WinZipper" => not found.
"C:\Program Files\McAfee" => not found.
"C:\Program Files (x86)\Monold" => not found.
"C:\Program Files (x86)\WinSaber" => not found.
iSafeKrnl => service not found.
iSafeKrnlBoot => service not found.
iSafeKrnlKit => service not found.
iSafeKrnlMon => service not found.
iSafeKrnlR3 => service not found.
iSafeNetFilter => service not found.
"C:\Program Files (x86)\Elex-tech" => not found.
"C:\Windows\System32\DRIVERS\iSafeNetFilter.sys" => not found.
msahci => service removed successfully
"C:\Users\Henry\AppData\Roaming\uTorrent" => not found.
"C:\Users\Henry\AppData\Roaming\sp_data.sys" => not found.
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06E56DF0-D70F-4CA1-95E1-CD6E0C4FE206} => key not found.
C:\Windows\System32\Tasks\WinTaske => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinTaske => key not found.
"C:\Program Files (x86)\WinTaske" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{223B3F83-503E-4444-8201-7141D03C5A7F} => key not found.
C:\Windows\System32\Tasks\UncheckitUpdateTaskC => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UncheckitUpdateTaskC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599755E9-4450-4CC6-85FB-9F53C3E82544} => key not found.
C:\Windows\System32\Tasks\BoobseedUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BoobseedUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B401A51-A87F-4754-AB4E-3DADD37DAC8F} => key not found.
C:\Windows\System32\Tasks\BoobseedUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BoobseedUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F38C70F-107D-42B4-A80F-186DEB9E2F26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F38C70F-107D-42B4-A80F-186DEB9E2F26}" => key removed successfully
C:\Windows\System32\Tasks\MonoldBrowserUpdateCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MonoldBrowserUpdateCore" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A81112D8-6B67-4A1B-B45B-ADD3FFCB32CF} => key not found.
C:\Windows\System32\Tasks\UncheckitUpdateTaskDB => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UncheckitUpdateTaskDB => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D439BFAE-8DA9-433F-BAC0-118D1C126E17} => key not found.
C:\Windows\System32\Tasks\Browser Updater Task(Core) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater Task(Core) => key not found.
"C:\Program Files (x86)\QQBrowser" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAF748EB-53B2-45B2-AC58-B35F6E246078}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAF748EB-53B2-45B2-AC58-B35F6E246078}" => key removed successfully
C:\Windows\System32\Tasks\MonoldCheckTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MonoldCheckTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E420165E-8663-4881-A774-283B7C18B28D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E420165E-8663-4881-A774-283B7C18B28D}" => key removed successfully
C:\Windows\System32\Tasks\MonoldBrowserUpdateUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MonoldBrowserUpdateUA" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC0ACBFD-ECFF-43AC-B6F1-2B297044E62D} => key not found.
C:\Windows\System32\Tasks\UncheckitTaskMN => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UncheckitTaskMN => key not found.
C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
C:\Users\Henry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
C:\Users\Henry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => moved successfully
"C:\Program Files (x86)\WinSaber\WinSaber.exe" => not found.
"C:\ProgramData\Boobseed\Boobseed.exe" => not found.
"C:\ProgramData\Monold\protect\protect.exe" => not found.
"C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll" => not found.
"C:\Program Files (x86)\WinZipper\zlib1.dll" => not found.
"C:\Program Files (x86)\Uncheckit\libpng.dll" => not found.
"C:\Program Files (x86)\Elex-tech\YAC\libpng.dll" => not found.
"C:\Program Files (x86)\Boobseed\Application\libglesv2.dll" => not found.
"C:\Program Files (x86)\Boobseed\Application\libegl.dll" => not found.
"C:\Program Files (x86)\Boobseed\Application\PepperFlash\pepflashplayer.dll" => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3165863131-4061258348-4272814689-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c550:fa9b:6e46:1a6c%12
Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c550:fa9b:6e46:1a6c%12
IPv4 Address. . . . . . . . . . . : 192.168.0.20
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19060100 B
Java, Flash, Steam htmlcache => 712 B
Windows/system/drivers => 168144356 B
Edge => 0 B
Chrome => 217432023 B
Firefox => 12368319 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 102836 B
systemprofile32 => 211696 B
LocalService => 253314 B
NetworkService => 11732 B
UpdatusUser => 0 B
Henry => 156693730 B

RecycleBin => 21391053 B
EmptyTemp: => 576.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:41:54 ====
 

  • Can you please post the Zemana log?
  • How is your machine running?

9-Lab Scan.

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon scan completion, click on Show Results.
  • Then click on Clean.
  • Then click on Save Log.
  • Save it to your desktop, then copy and paste the contents of the log here in your next reply.


Security Check Scan.

  • Download Security Check to your desktop.
  • Right-click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
I don't know which Zemana log is the right one; this one is labelled as a Custom Scan while all the other ones are labelled as scheduled scans. I hope I sent the right one:

Zemana AntiMalware 2.70.2.118 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/12/11
Operating System : Windows 8 64-bit
Processor : 4X Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
BIOS Mode : UEFI
CUID : 12A8205A547D614C6D2666
Scan Type : Custom Scan
Duration : 68m 46s
Scanned Objects : 267135
Detected Objects : 205
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

yac
Status : Scanned
Object : NE->c:\program files (x86)\elex-tech\yac
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Yet Another Cleaner.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

qksee
Status : Scanned
Object : NE->c:\program files (x86)\qksee
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Qksee.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

winsaber
Status : Scanned
Object : NE->c:\program files (x86)\winsaber
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Elex.B!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

winzipper
Status : Scanned
Object : NE->c:\program files (x86)\winzipper
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/WinZipper.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

qksee
Status : Scanned
Object : NE->c:\programdata\microsoft\windows\start menu\programs\qksee
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Qksee.B!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

yac
Status : Scanned
Object : NE->c:\users\henry\appdata\roaming\elex-tech\yac
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Yet Another Cleaner.B!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

qksee
Status : Scanned
Object : NE->c:\users\henry\appdata\roaming\qksee
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Qksee.C!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

upo7753.tmp.hlh
Status : Scanned
Object : %systemroot%\temp\upo7753.tmp.hlh
MD5 : 833F5DD9278894B9D40C2293D9736CD3
Publisher : Sice Xing
Size : 479616
Version : -
Detection : Adware:Win32/AutoBulk.881ec1!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\temp\upo7753.tmp.hlh

iSafeKrnlBoot.sys
Status : Scanned
Object : %systemroot%\system32\drivers\isafekrnlboot.sys
MD5 : FAB2EBA07369BF3C6DB33469B5B36FCB
Publisher : Elex do Brasil Participações Ltda
Size : 55056
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\system32\drivers\isafekrnlboot.sys

iSafeNetFilter.sys
Status : Scanned
Object : %systemroot%\system32\drivers\isafenetfilter.sys
MD5 : 9FB02FBA90F6AF59537A30C3DB9777C8
Publisher : Elex do Brasil Participações Ltda
Size : 52392
Version : 1.4.6.1
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\system32\drivers\isafenetfilter.sys

wzShellctx.dll
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzshellctx.dll
MD5 : D3ADE647305B5C96F1BA0DF46F3ECE74
Publisher : Chencheng Cai
Size : 178296
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzshellctx.dll

wmmbox.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\wmmbox.exe
MD5 : 646D4AEED40B282553BF922B612A1ED5
Publisher : Chencheng Cai
Size : 197752
Version : -
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\wmmbox.exe

wzUpg.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzupg.exe
MD5 : E1F8D62C74767DD6BAF4D58188F945A1
Publisher : Chencheng Cai
Size : 349816
Version : 2.2.52.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzupg.exe

nscF758.tmp
Status : Scanned
Object : %temp%\nscf758.tmp
MD5 : 145D76FC31D7785B1E33E32E5ECDDB2B
Publisher : Somoto Ltd
Size : 430944
Version : 1.0.0.1
Detection : Adware:Win32/Somoto!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\nscf758.tmp

wzUninstall.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzuninstall.exe
MD5 : 708C85F581C2B8331188458DE7002132
Publisher : Chencheng Cai
Size : 1065592
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzuninstall.exe

wzShellctx64.dll
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzshellctx64.dll
MD5 : C086C36A7EF76662B88710438CE6EAA5
Publisher : Chencheng Cai
Size : 207480
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzshellctx64.dll

wzdl.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzdl.exe
MD5 : 4DBB08F96E87811A5163136C5513F129
Publisher : Chencheng Cai
Size : 280184
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\wzdl.exe

winzipersvc.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\winzipersvc.exe
MD5 : 9E50DA2A15498D3BA7A6E7B03C1FC816
Publisher : Chencheng Cai
Size : 1094264
Version : 3.0.0.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\winzipersvc.exe

wzdl.exe
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\wzdl.exe
MD5 : 8120F99EC3DAFE6BA34F188DBD68F52D
Publisher : Yang Liu
Size : 330904
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\wzdl.exe

winzipersvc.exe
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\winzipersvc.exe
MD5 : 33EE62000CEDA7C259EFB5842746490A
Publisher : Yang Liu
Size : 705688
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\winzipersvc.exe

winziper.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\winziper.exe
MD5 : B4A1ECCBF7C4536D4F0847A1DF3CD0F1
Publisher : Chencheng Cai
Size : 1500792
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\omigazip_patch\winziper.exe

eupgrade.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\wzp\eupgrade\eupgrade.exe
MD5 : 38D431B9F1623D684AB820D342E87C34
Publisher : Chencheng Cai
Size : 1115256
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\wzp\eupgrade\eupgrade.exe

saber.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\saber.exe
MD5 : D1222E6307D372BAD165724E3A1D7368
Publisher : Dening Hu
Size : 355608
Version : -
Detection : Adware:Win32/Elex-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\saber.exe

dlyac.exe
Status : Scanned
Object : %temp%\istf8ee.tmp\tools\dlyac.exe
MD5 : 769D321DC092F7BF0C15360F892C5B8C
Publisher : Chencheng Cai
Size : 208504
Version : -
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istf8ee.tmp\tools\dlyac.exe

winziper.exe
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\winziper.exe
MD5 : 90FC773C1D701DC511D619F683323CF0
Publisher : Yang Liu
Size : 1533592
Version : 2.0.17.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\winziper.exe

wzUpg.exe
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\wzupg.exe
MD5 : D7974217289D7EF2072D6FCF3718BA52
Publisher : Yang Liu
Size : 367256
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\wzupg.exe

wzUninstall.exe
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\wzuninstall.exe
MD5 : C5037A3EEC78B49B65D434580193850C
Publisher : Yang Liu
Size : 1075864
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\wzuninstall.exe

wzShellctx64.dll
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\wzshellctx64.dll
MD5 : 0F8757B6C09ADA424F97FA096CB31A4C
Publisher : Yang Liu
Size : 201880
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\wzshellctx64.dll

wzShellctx.dll
Status : Scanned
Object : %temp%\istc8ad.tmp\omigazip_patch\wzshellctx.dll
MD5 : B495B9814EA3E66F98C0F1B6021BEDD4
Publisher : Yang Liu
Size : 173208
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\omigazip_patch\wzshellctx.dll

wzdl.exe
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzdl.exe
MD5 : 0EFDD4A09B751759812FFC9579DE6CF2
Publisher : Chencheng Cai
Size : 319032
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzdl.exe

winzipersvc.exe
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\winzipersvc.exe
MD5 : 1B402D76B6404FBE174FCA0AAA06B00E
Publisher : Chencheng Cai
Size : 1140792
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\winzipersvc.exe

winziper.exe
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\winziper.exe
MD5 : E03C25C3709FB33720FB8B23C509A7F9
Publisher : Chencheng Cai
Size : 1424952
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\winziper.exe

eupgrade.exe
Status : Scanned
Object : %temp%\istc8ad.tmp\eupgrade\eupgrade.exe
MD5 : F61A01C9025B1699B7771E81B947458D
Publisher : Yang Liu
Size : 1135768
Version : 2.0.0.1
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\istc8ad.tmp\eupgrade\eupgrade.exe

wzUpg.exe
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzupg.exe
MD5 : 93665CF6CFD585C24AB5A75D9C9E60A8
Publisher : Chencheng Cai
Size : 336440
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzupg.exe

wzUninstall.exe
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzuninstall.exe
MD5 : 88CB692BE3D9E1872465D0F814F24442
Publisher : Chencheng Cai
Size : 1053752
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzuninstall.exe

wzShellctx64.dll
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzshellctx64.dll
MD5 : FBF8DC054124F45542B23C01CA742B0A
Publisher : Chencheng Cai
Size : 203832
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzshellctx64.dll

wzShellctx.dll
Status : Scanned
Object : %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzshellctx.dll
MD5 : 21544E07FB182F93E3BF5E835C450BE7
Publisher : Chencheng Cai
Size : 175672
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\tools\wzp\omigazip_patch\wzshellctx.dll

winzipersvc.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\winzipersvc.exe
MD5 : 69BBD1CB539B86843DC78AEF34FF30BF
Publisher : Yang Liu
Size : 1254960
Version : 3.0.0.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\winzipersvc.exe

winziper.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\winziper.exe
MD5 : 5F455DA17B5335A05D893C7D986D40A0
Publisher : Yang Liu
Size : 1500784
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\winziper.exe

eupgrade.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\eupgrade\eupgrade.exe
MD5 : 698D58BF8341C1C67765B75BA65ABA22
Publisher : Yang Liu
Size : 1115248
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\eupgrade\eupgrade.exe

dzkcmjw.exe
Status : Scanned
Object : %temp%\ist8852.tmp\dzkcmjw.exe
MD5 : 483F6F2572035F130F1A07096A7E72FF
Publisher : Chencheng Cai
Size : 224272
Version : -
Detection : Adware:Win32/AutoBulk.b0205a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist8852.tmp\dzkcmjw.exe

yacdede.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\yacdede.exe
MD5 : 0CA519067D623040C0EF47989375482D
Publisher : Yang Liu
Size : 217712
Version : -
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\yacdede.exe

wzUpg.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzupg.exe
MD5 : 321669BA5FE378405C5C11917E12A2DF
Publisher : Yang Liu
Size : 394352
Version : 2.2.52.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzupg.exe

wzUninstall.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzuninstall.exe
MD5 : 068A8DE9BC37C597270E231B7471E137
Publisher : Yang Liu
Size : 1065584
Version : 2.1.4.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzuninstall.exe

wzShellctx64.dll
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzshellctx64.dll
MD5 : D76F7D39FB0C7816C8EA92B1C610D5AE
Publisher : Yang Liu
Size : 207472
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzshellctx64.dll

wzShellctx.dll
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzshellctx.dll
MD5 : DCEB08259425054F2D641B83E265485D
Publisher : Yang Liu
Size : 178288
Version : 2.2.28.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzshellctx.dll

wzdl.exe
Status : Scanned
Object : %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzdl.exe
MD5 : E9450B85E6892080EE5A0A5BD815FBFD
Publisher : Yang Liu
Size : 331888
Version : 5.0.0.0
Detection : Adware:Win32/AutoBulk.2519b0!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\ist7a6f.tmp\tools\wzp\omigazip_patch\wzdl.exe

eupgrade.exe
Status : Scanned
Publisher : Elex do Brasil Participações Ltda
Size : 375344
Version : 6.3.63.25300
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafeenginebase.dll

iSafeDisp.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafedisp.dll
MD5 : 950A1F897CC2AC8F67D3557128317F9A
Publisher : Elex do Brasil Participações Ltda
Size : 239632
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafedisp.dll

isafeclean.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafeclean.dll
MD5 : 45396E29A23A5B746838406E06B0654E
Publisher : Elex do Brasil Participações Ltda
Size : 299920
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafeclean.dll

isafeclcv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafeclcv.dll
MD5 : 15EFCF45E5E6F1520C2DF85D863F9CBB
Publisher : Elex do Brasil Participações Ltda
Size : 113928
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafeclcv.dll

isafeclc.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafeclc.dll
MD5 : 1ADFF4D20F14398BEA10EE18AD78339E
Publisher : Elex do Brasil Participações Ltda
Size : 165904
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafeclc.dll

isafechlp.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafechlp.dll
MD5 : 2427FE812329ECD93304F5E4B64B16BE
Publisher : Elex do Brasil Participações Ltda
Size : 1119056
Version : 6.0.0.0
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafechlp.dll

iSafeCheckEngine.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafecheckengine.dll
MD5 : 2DAE066BF9910D6956DFE6713C47959D
Publisher : Elex do Brasil Participações Ltda
Size : 432912
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafecheckengine.dll

iSafeBugReport.exe
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafebugreport.exe
MD5 : 17F1E581372B6DAE1C7C7C3FFBEBB5F5
Publisher : Elex do Brasil Participações Ltda
Size : 308744
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafebugreport.exe

isafebs.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafebs.dll
MD5 : C166AC0DF6A8919B03A7E72659403845
Publisher : Elex do Brasil Participações Ltda
Size : 1055064
Version : 6.10.463.30668
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafebs.dll

iSafeDisp.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafedisp.dll.bak
MD5 : B932275EBF1977AFA507D9389369899B
Publisher : Elex do Brasil Participações Ltda
Size : 308744
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafedisp.dll.bak

isafebs.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafebs.dll.bak
MD5 : 5D8AAB4822C505DC83BAAFFF614AEF45
Publisher : Elex do Brasil Participações Ltda
Size : 936304
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafebs.dll.bak

isafeupbiz.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafeupbiz.dll
MD5 : 288B23419D6156CD09FF12AE58C0B5D5
Publisher : Elex do Brasil Participações Ltda
Size : 100432
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafeupbiz.dll

iSafeTray.exe
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafetray.exe
MD5 : DDB384A4F994BB3FCFEFBF9E9AD5843E
Publisher : Elex do Brasil Participações Ltda
Size : 369488
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafetray.exe

iSafeTHlp64.exe
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafethlp64.exe
MD5 : 49C1B6588FB4222FD88376118C1B61FC
Publisher : Elex do Brasil Participações Ltda
Size : 470448
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafethlp64.exe

iSafeTHlp.exe
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafethlp.exe
MD5 : 9C59071B0B5C110A779BE85A4C745D09
Publisher : Elex do Brasil Participações Ltda
Size : 503568
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafethlp.exe

isafetbv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafetbv.dll
MD5 : B992F345E4C8DC3768F4FA3BA498A04B
Publisher : Elex do Brasil Participações Ltda
Size : 218400
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafetbv.dll

iSafeSvc.exe
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafesvc.exe
MD5 : 11F6F9216D8F77EAC196B07D66E819EA
Publisher : Elex do Brasil Participações Ltda
Size : 118048
Version : 4.0.0.1
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafesvc.exe

isafesv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafesv.dll
MD5 : 1B7C154833D0ECE0A705E3B03A29D609
Publisher : Elex do Brasil Participações Ltda
Size : 208552
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafesv.dll

iSafeSrvMon64.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafesrvmon64.dll
MD5 : 67011CC31CEFA030293BA0ABBCEA656E
Publisher : Elex do Brasil Participações Ltda
Size : 311592
Version : 6.1.45.23411
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafesrvmon64.dll

isafesptv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafesptv.dll
MD5 : 2CFF2885FBDB988B4AB2932897977EB6
Publisher : Elex do Brasil Participações Ltda
Size : 563856
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafesptv.dll

isafesopt.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafesopt.dll
MD5 : A6E077D11B25CAB8E49954CC71CE5CD8
Publisher : Elex do Brasil Participações Ltda
Size : 560152
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafesopt.dll

isafesmgr.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafesmgr.dll
MD5 : 8F872953DE04973877A1A0C1656C4F8C
Publisher : Elex do Brasil Participações Ltda
Size : 474536
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafesmgr.dll

isaferpt.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isaferpt.dll
MD5 : FD5330C6AD1F1E1937AE946654952E74
Publisher : Elex do Brasil Participações Ltda
Size : 129360
Version : 6.11.106.30750
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isaferpt.dll

iSafeRKScanShell64.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isaferkscanshell64.dll
MD5 : 5B1159CBEE40E1C291CD4FA6078AF0EF
Publisher : Elex do Brasil Participações Ltda
Size : 503624
Version : 0.0.0.1
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isaferkscanshell64.dll

isafepxy.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafepxy.dll
MD5 : F2FD7ED0F019F75D6DDAC05530349095
Publisher : Elex do Brasil Participações Ltda
Size : 126904
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafepxy.dll

iSafenpf.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafenpf.dll
MD5 : 06CEC589B3D56A32EFB677F268BC7249
Publisher : Elex do Brasil Participações Ltda
Size : 202736
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafenpf.dll

isafemvsv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemvsv.dll
MD5 : B251C2B5E1C3D5C2914E6CED229CCDBE
Publisher : Elex do Brasil Participações Ltda
Size : 1343648
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemvsv.dll

isafemsmv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemsmv.dll
MD5 : F97688728080A282DFBF8444E8C71FFF
Publisher : Elex do Brasil Participações Ltda
Size : 327480
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemsmv.dll

isafemoptv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemoptv.dll
MD5 : 8B9DF71BDDF934AF673DCDB693D32F38
Publisher : Elex do Brasil Participações Ltda
Size : 410656
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemoptv.dll

iSafeMon64.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemon64.dll
MD5 : F26D89C9C6E9EC5786BA13C6B4370DBE
Publisher : Elex do Brasil Participações Ltda
Size : 345640
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemon64.dll

iSafeMon.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemon.dll
MD5 : 0A6AB256F45132B220A95E16286F69DD
Publisher : Elex do Brasil Participações Ltda
Size : 300496
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemon.dll

isafemgc.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemgc.dll
MD5 : 6F3F87E487AE75CC1D5F97B7F272952E
Publisher : Elex do Brasil Participações Ltda
Size : 551168
Version : 6.11.102.30716
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemgc.dll

isafemclv.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemclv.dll
MD5 : 6A56DA2A7086B8A40AF96BD1601D0924
Publisher : Elex do Brasil Participações Ltda
Size : 791416
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemclv.dll

isafemc.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemc.dll
MD5 : 6ED14F3EC164F36BAD35CCC4D5A901B0
Publisher : Elex do Brasil Participações Ltda
Size : 40136
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemc.dll

isafembp.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafembp.dll
MD5 : 2EE7EF4D5A6C98B42D3E29BCDE90D46A
Publisher : Elex do Brasil Participações Ltda
Size : 496336
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafembp.dll

isafemadwc.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemadwc.dll
MD5 : 7335452597B26508A6CD9D8608D5DCD6
Publisher : Elex do Brasil Participações Ltda
Size : 456256
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemadwc.dll

iSafeKrnlShell.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlshell.dll
MD5 : CF985FF35ADFB086DDDE73EEA0F058D9
Publisher : Elex do Brasil Participações Ltda
Size : 32392
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlshell.dll

iSafeKrnlR3.sys
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlr3.sys
MD5 : C7129E801982BC831831D2F6DD6FCE8B
Publisher : Elex do Brasil Participações Ltda
Size : 103904
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlr3.sys

iSafeKrnlMonCall.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlmoncall.dll
MD5 : FA5AD499370F61CA9B4E14F4C67253A2
Publisher : Elex do Brasil Participações Ltda
Size : 474536
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlmoncall.dll

iSafeKrnlMon.sys
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlmon.sys
MD5 : A22E4FC5E5A801DAAE7978F87059CC9F
Publisher : Elex do Brasil Participações Ltda
Size : 52440
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlmon.sys

iSafeKrnlKit.sys
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlkit.sys
MD5 : 406D4425ECFD7BAAFA0E700F7A2E64FD
Publisher : Elex do Brasil Participações Ltda
Size : 110112
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlkit.sys

iSafeKrnlCall64.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlcall64.dll
MD5 : A530218FDBA1B68B7798DB8BBE0F0CD3
Publisher : Elex do Brasil Participações Ltda
Size : 178952
Version : 5.6.29.17804
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlcall64.dll

iSafeKrnlCall.dll
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlcall.dll
MD5 : C5F511A6EDC09CDFDC563FEF9BE92C69
Publisher : Elex do Brasil Participações Ltda
Size : 244360
Version : 6.10.449.30619
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlcall.dll

isaferpt.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isaferpt.dll.bak
MD5 : 9A09D32B8D62398B89DE9E287FE86535
Publisher : Elex do Brasil Participações Ltda
Size : 186688
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isaferpt.dll.bak

isafepxy.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafepxy.dll.bak
MD5 : A60FDEEF5CC3EE74F0A870FF7D3BFD7B
Publisher : Elex do Brasil Participações Ltda
Size : 126904
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafepxy.dll.bak

iSafenpf.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafenpf.dll.bak
MD5 : 696E78FE24F1DBBDC51A4F67E3A973A0
Publisher : Elex do Brasil Participações Ltda
Size : 206384
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafenpf.dll.bak

isafemc.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemc.dll.bak
MD5 : 7EF54E1A8C8A810A1778FBBC3543F31B
Publisher : Elex do Brasil Participações Ltda
Size : 40136
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemc.dll.bak

isafemadwc.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafemadwc.dll.bak
MD5 : 870A2428EB6C9DEC05B71942ED6BE195
Publisher : Elex do Brasil Participações Ltda
Size : 456256
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafemadwc.dll.bak

iSafeKrnlShell.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlshell.dll.bak
MD5 : 980E0335F43F766F99711DA206AF2576
Publisher : Elex do Brasil Participações Ltda
Size : 32392
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlshell.dll.bak

iSafeKrnlMonCall.dll.bak
Status : Scanned
Object : %programfiles%\elex-tech\yac\isafekrnlmoncall.dll.bak
MD5 : 9B4C7F90E84914149F55CA2EE23453BA
Publisher : Elex do Brasil Participações Ltda
Size : 474536
Version : 6.9.342.30480
Detection : Adware:Win32/Elex!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\elex-tech\yac\isafekrnlmoncall.dll.bak

iThemes.dll
Status : Scanned
Object : %commonprogramfiles%\services\ithemes.dll
MD5 : C51E5323805CB866031E44452419B400
Publisher : -
Size : 567808
Version : 0.1.0.3
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %commonprogramfiles%\services\ithemes.dll

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 12.12.2016 00:28:39
Path starting: C:\Users\Henry\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Henry
VersionXML: 3.59is-11.12.2016
___________________________________________________________________________

Windows 8(6.2.9200) (x64) Core Lang: English(0409)
Installation date OS: 13.02.2016 14:17:00
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Bangkiss\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [372.6 Gb] Used: [115.4 Gb] Free: [257.2 Gb]
------------------------------- [ Windows ] -------------------------------
Service Pack not Installed Warning! Download Update
Possible re-activation of Windows will be needed.
Internet Explorer 10.0.9200.17607
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2016-12-11 23:48:37
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4454.1510
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.118
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50428.0 Warning! Download Update
WinRAR 5.31 (32-bit) v.5.31.0 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Reader X MUI v.10.0.0 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.99 Warning! Download Update
Mozilla Firefox 47.0.1 (x86 en-GB) v.47.0.1 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Bangkiss\Application\chrome.exe v.55.0.2883.75
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Windows Defender\MsMpEng.exe v.4.8.207.0
Windows Defender Service (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
WildTangent Games v.1.0.0.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
amuleC v.1.0.1 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Update Installer for WildTangent Games App << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games App v.4.0.10.5 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 149.45323

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.10.9200.17607
Henry :: HENRYS-PC

12/12/2016 12:08:05 AM
9lab-log-2016-12-12 (00-08-05).txt

Scan type: Full
Objects scanned: 54712
Time Elapsed: 16 m 22 s

Registry Keys detected: 4
Adware.RPL.ELEX.vl [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}]
Adware.RPL.ELEX.vl [HKEY_CLASSES_ROOT\Microsoft.Ptid.Host.List]
Adware.RPL.ELEX.vl [HKEY_CLASSES_ROOT\Local Settings\ms-ptid-key]
Adware.RPL.ELEX.dd [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCRL]


Registry Values detected: 1
Risk.ImageFileExecutionOptions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe Debugger]


Files detected: 2
[BFEF255BB461CA4AD307F0565DE3A9A9] Adware.Win32.ELEX.dd!n [C:\AdwCleaner\quarantine\files\trsueebvsdlsdcvhhjrzjlmpdorjopog\YAC\curlpp.dll]
[BFEF255BB461CA4AD307F0565DE3A9A9] Adware.Win32.ELEX.dd!n [C:\AdwCleaner\quarantine\files\ygximoqubffnhvqpfrwniyktkfzvzfat\YAC\curlpp.dll]
 


Step 1: HijackThis.




1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy and paste the log here.

Step 2: Autoruns Log.

Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
After the scan is finished, click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

Step 3: EEK Scan.

We will need a Log from Emsisoft Emergency Kit.

Please go HERE and download Emsisoft Emergency Kit and save it somewhere you can find it; the desktop will be the best place. Once downloaded, double left click on the new desktop icon.



The installer will open and display the license agreement and the proposed program folder location, accept this and then click the install button.



It will take a minute or two to extract all the files into the destination folder and when complete the folder should open in an explorer window. If by chance it does not, open Windows Explorer and navigate to C:\EEK and the folder contents should appear similar to that below.

Right click the "Start Emergency Kit Scanner.exe" file and select Run as Administrator from the drop down menu.



The malware signatures will load and a prompt will appear to update online. Click "Yes" to update.



The update will take a few minutes and the Update now box for step one will turn green. In the second box labelled "2. Scan" click on the "Custom Scan" label as per picture below.



The custom scan options box will open and will have selected the default operating system drive by default. Accept the "Scan Object" and "Scan Settings" options already checked, ensure the options shown below are selected, and click the next button.



The scan will begin which may take some time to complete. If any suspicious files are found they will be listed and automatically selected for quarantine.
  1. Select "Quarantine Selected"
  2. Then select "View Report"


A notepad file will open with the results of the scan.

A copy of the report can also be found by clicking the "Logs" box on the program main opening screen.

Please COPY and PASTE the contents of the report in your next reply :)
 
I have also finished doing the checkdisk.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:44 PM, on 12/12/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Program Files (x86)\Bangkiss\Application\chrome.exe
C:\Users\Henry\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @oem17.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem17.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem17.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)
O23 - Service: @oem17.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Protect Service(Monold_protect) (Monold_protect) - Unknown owner - C:\ProgramData\Monold\protect\protect.exe (file missing)
O23 - Service: Update Service(Monold_update) (Monold_update) - Unknown owner - C:\Program Files (x86)\Monold\Monold\bin\Monold_server.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 9282 bytes

Emsisoft Emergency Kit - Version 12.0
Last update: 12/12/2016 1:13:57 PM
User account: HENRYS-PC\Henry
Computer name: HENRYS-PC
OS version: Windows 8x64

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 12/12/2016 1:15:23 PM
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/chdd.exe detected: Trojan.Generic.17950313 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/chdada.exe detected: Trojan.Generic.17952805 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> box.exe detected: Gen:Variant.Adware.Xadupi.6 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> dzkcmjw.exe detected: Gen:Variant.Symmi.68499 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/dlyac.exe detected: Gen:Variant.Adware.Xadupi.5 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/ffgg.exe detected: Adware.Ghokswa.D (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/ch.exe detected: Trojan.GenericKD.3447700 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/chr.exe detected: Gen:Variant.Symmi.66860 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/ffhyhy.exe detected: Adware.Ghokswa.D (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/saber.exe detected: Gen:Variant.Adware.Xadupi.2 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/ff.exe detected: Gen:Variant.Adware.Ghokswa.3 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/Exnvd.exe detected: Gen:Variant.Adware.Xadupi.5 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/sagrgr.exe detected: Gen:Variant.Adware.Xadupi.2 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/eUpgrade/eupgrade.exe detected: Trojan.GenericKD.3500629 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/OmigaZip_patch/winziper.exe detected: Adware.GenericKD.3599494 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/wzp/eUpgrade/eupgrade.exe detected: Gen:Variant.Razy.89779 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/wzp/OmigaZip_patch/winzipersvc.exe detected: Adware.Xadupi.F (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/saber.exe detected: Gen:Variant.Zusy.207613 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/OmigaZip_patch/winzipersvc.exe detected: Trojan.GenericKD.3601549 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/eUpgrade/eupgrade.exe detected: Trojan.GenericKD.3500443 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/wzp/OmigaZip_patch/wzdl.exe detected: Gen:Variant.Graftor.309648 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/uncheckit.exe detected: Adware.GenericKD.3842245 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/OmigaZip_patch/wzdl.exe detected: Gen:Variant.Graftor.309648 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/OmigaZip_patch/winziper.exe detected: Adware.GenericKD.3599404 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/wzp/OmigaZip_patch/wzShellctx.dll detected: Gen:Variant.Mikey.52821 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/wzp/eUpgrade/eupgrade.exe detected: Gen:Variant.Razy.89779 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/OmigaZip_patch/wzShellctx64.dll detected: Trojan.Generic.18178125 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/OmigaZip_patch/winzipersvc.exe detected: Adware.GenericKD.3599410 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/OmigaZip_patch/wzdl.exe detected: Gen:Variant.Adware.Xadupi.3 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/wzp/OmigaZip_patch/wzdl.exe detected: Gen:Variant.Graftor.309648 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/OmigaZip_patch/wzUninstall.exe detected: Gen:Variant.Mikey.53995 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/wzp/OmigaZip_patch/wzShellctx64.dll detected: Adware.Xadupi.F (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/OmigaZip_patch/wzShellctx64.dll detected: Trojan.Generic.18873956 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/wzp/OmigaZip_patch/wzShellctx64.dll detected: Trojan.Generic.17951553 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> tools/wzp/OmigaZip_patch/wzUpg.exe detected: Adware.GenericKD.3599532 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe -> tools/wzp/OmigaZip_patch/wzUninstall.exe detected: Gen:Variant.Adware.Strictor.108620 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/OmigaZip_patch/wzUninstall.exe detected: Gen:Variant.Mikey.53995 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/wzp/OmigaZip_patch/wzUninstall.exe detected: Gen:Variant.Mikey.53995 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/wzp/OmigaZip_patch/wzUpg.exe detected: Gen:Variant.Midie.32605 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/wzp/OmigaZip_patch/wzUpg.exe detected: Adware.GenericKD.3599347 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe -> wmmbox.exe detected: Gen:Variant.Symmi.68499 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe -> tools/yacjg.exe detected: Gen:Variant.Adware.Symmi.68498 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe -> tools/yacdede.exe detected: Gen:Variant.Adware.Symmi.68498 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.0.19.exe -> eUpgrade/eupgrade.exe detected: Gen:Variant.Razy.89779 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.0.19.exe -> OmigaZip_patch/winziper.exe detected: Gen:Variant.Adware.Strictor.108620 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.0.19.exe -> OmigaZip_patch/winzipersvc.exe detected: Trojan.GenericKD.3201768 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.0.19.exe -> OmigaZip_patch/wzShellctx64.dll detected: Adware.Xadupi.Q (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.0.19.exe -> OmigaZip_patch/wzUninstall.exe detected: Gen:Variant.Adware.Strictor.108620 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> dzkcmjw.exe detected: Gen:Variant.Symmi.68499 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/chr.exe detected: Gen:Variant.Symmi.66860 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/Exnvd.exe detected: Gen:Variant.Adware.Xadupi.5 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/eUpgrade/eupgrade.exe detected: Gen:Variant.Razy.89779 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/OmigaZip_patch/winzipersvc.exe detected: Trojan.GenericKD.3442934 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/OmigaZip_patch/wzdl.exe detected: Gen:Variant.Graftor.309648 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/OmigaZip_patch/wzShellctx.dll detected: Gen:Variant.Mikey.52821 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/OmigaZip_patch/wzShellctx64.dll detected: Adware.Xadupi.F (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/OmigaZip_patch/wzUninstall.exe detected: Gen:Variant.Adware.Strictor.108620 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe -> tools/wzp/OmigaZip_patch/wzUpg.exe detected: Gen:Variant.Adware.Graftor.290459 (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\vkfnjqqkccrmzgqapcunoyeretpyudhs\WinSAP.dll detected: Trojan.GenericKD.3845770 (B) [krnl.xmd]
C:\Program Files (x86)\Common Files\Services\iThemes.dll detected: Trojan.GenericKD.3850752 (B) [krnl.xmd]

Scanned 301654
Found 60

Scan end: 12/12/2016 1:57:11 PM
Scan time: 0:41:48

C:\Program Files (x86)\Common Files\Services\iThemes.dll Trojan.GenericKD.3850752 (B)
C:\AdwCleaner\quarantine\files\vkfnjqqkccrmzgqapcunoyeretpyudhs\WinSAP.dll Trojan.GenericKD.3845770 (B)
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.1.1.exe Gen:Variant.Adware.Graftor.290459 (B)
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.0.19.exe Gen:Variant.Adware.Strictor.108620 (B)
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.80.exe Gen:Variant.Adware.Symmi.68498 (B)
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.98.exe Gen:Variant.Adware.Symmi.68498 (B)
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\wzp_update_v2.2.2.exe Gen:Variant.Adware.Strictor.108620 (B)
C:\AdwCleaner\quarantine\files\vzmfttyhblyxgjdiigcbcwyzhitsgrqm\update\_update_v2.2.94.exe Gen:Variant.Symmi.68499 (B)

Quarantined 8
 


Step 1: Herd Protect Scan.


Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection.


  • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.
Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be done after careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish. To do so, just delete its directory (chosen by you when installing the tool).

Step 2: Rogue Killer Scan.


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Step 3: MalwareBytes Scan.

MalwareBytes Scan


We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system; it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and where to save it; save it to the desktop.
  • Please copy and paste the contents of this file in your next post.
 
Can you please tell me what is the point of downloading all these applications and doing the same thing over and over again?
Saved date: 12/12/2016 2:55:17 PM
Files detected: 35
Files scanned: 8,633
Processes scanned: 67
Modules scanned: 535
ASEPs scanned: 483
Downloads scanned: 0
Deep analysis: 5/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\windows\system32\kernelbase.dll
Publisher: Microsoft Corporation
MD5: 6d832ca36ed7a60d4f73b4199f26cc66
SHA-1: d6bbdf769d7a5fc02e28e59cf52cbbf6c5ebc3ab
Created: 13/02/2016 8:42:06 AM
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Sality.AT (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\google\update\googleupdate.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: 750446ed76a5d13e902174dddda1a62b
SHA-1: 9d04597f8cfc8841dfa876487de965c0f05708ca
Created: 15/04/2016 5:26:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- Reason Heuristics as Adware.Eorezo (M) (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\wildtangent games\app\gamesappservice.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: c403c5db49a0f9aaf4f2128edc0106d8
SHA-1: efb10419c7b07748f15f029fe63b227e45fbd004
Created: 12/10/2010 10:59:12 AM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Service.WildTangent.P

---------------------------------------------------------------------------------

File path: c:\users\henry\downloads\ccsetup524.exe
Publisher: Piriform Ltd
Signer: Piriform Ltd
MD5: 90f503a58ed6b340c78d626d553672f6
SHA-1: 6485c514e69979ea39ef29270f1df101bb4490b1
Created: 11/12/2016 2:09:02 PM
Detections: 2
Determination: Inconclusive
- ESET NOD32 as Win32/Bundled.Toolbar.Google.D potentially unsafe application (Undefined)
- Reason Heuristics as PUP.Bundled.Toolbar.ET (M) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\henry\downloads\frst64.exe
Publisher: Farbar
MD5: d3a3338cf1ede134315cfccc93d2636f
SHA-1: f37848175f05fffb1607d8d8344aa38cc1ba996d
Created: 11/12/2016 1:32:23 PM
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAtITA (Undefined)
- Antiy Labs AVL as Trojan/Generic.ASVCS3S.1E5 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\henry\downloads\securitycheck.exe
Publisher: glax24 (safezone.cc)
MD5: b54ade01f6ac33c3ed8cfc6d15aeb919
SHA-1: fc0e1b61ff192b0bfb0351a56d5151846e942aa9
Created: 12/12/2016 12:25:25 AM
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.SafeZone (M) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\henry\desktop\frst64.exe
Publisher: Farbar
MD5: d3a3338cf1ede134315cfccc93d2636f
SHA-1: f37848175f05fffb1607d8d8344aa38cc1ba996d
Created: 11/12/2016 1:32:38 PM
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAtITA (Undefined)
- Antiy Labs AVL as Trojan/Generic.ASVCS3S.1E5 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\henry\desktop\securitycheck.exe
Publisher: glax24 (safezone.cc)
MD5: b54ade01f6ac33c3ed8cfc6d15aeb919
SHA-1: fc0e1b61ff192b0bfb0351a56d5151846e942aa9
Created: 12/12/2016 12:28:32 AM
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.SafeZone (M) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\henry\desktop\old firefox data\zxsmw4me.default\extensions\arthurj8283@gmail.com\install.rdf
Publisher:
MD5: f93adbab664009775d21186add8ca0e9
SHA-1: 7105990ca870578537e1d74d9b6e60147a385538
Created: 30/10/2016 9:23:42 PM
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Firefox.Extension.xRocketToolbar (Adware)

---------------------------------------------------------------------------------

File path: c:\windows\system32\wudfx.dll
Publisher: Microsoft Corporation
MD5: 25ae683dcb4ae7e6f1b193a0cb9db35f
SHA-1: 458e6b66ec1862dfa8c2c65cc1c2e1a9e6297f18
Created: 25/07/2012 6:44:19 PM
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as TR/Dropper.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\blizzard entertainment\battle.net\cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth
Publisher:
MD5: 140d0aaf310055ebebcdd91d3f0f522e
SHA-1: 8b0b8779b18467e4e180a74971aa469542a18f50
Created: 15/04/2016 6:11:43 PM
Detections: 2
Determination: Ignore detections (false positive)
- Trend Micro House Call as PAK_Generic.001
- Trend Micro as PAK_Generic.001

---------------------------------------------------------------------------------

File path: c:\programdata\blizzard entertainment\battle.net\cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth
Publisher:
MD5: 140d0aaf310055ebebcdd91d3f0f522e
SHA-1: 8b0b8779b18467e4e180a74971aa469542a18f50
Created: 15/04/2016 6:11:43 PM
Detections: 2
Determination: Ignore detections (false positive)
- Trend Micro House Call as PAK_Generic.001
- Trend Micro as PAK_Generic.001

---------------------------------------------------------------------------------

File path: c:\users\henry\appdata\local\apps\2.0\5cg6oy67.5kc\0vjjevn2.9b0\clic...exe_f09d422d3b6d863a_0001.0003_none_1f743fbe4a8e0300\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a4c58ea455234afd3b622d838cde4c39
SHA-1: 92944220a2f71aee4109ba1873a0436a0d9818d6
Created: 13/02/2016 10:40:54 AM
Detections: 2
Determination: Ignore detections (false positive)
- ESET NOD32 as Detection.Undefined (Undefined)
- Avira AntiVirus as W32/Ramnit.A (Malware)

---------------------------------------------------------------------------------

File path: c:\users\henry\appdata\local\apps\2.0\5cg6oy67.5kc\0vjjevn2.9b0\goog...app_f09d422d3b6d863a_0001.0003_5ee343e2b5dda962\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a4c58ea455234afd3b622d838cde4c39
SHA-1: 92944220a2f71aee4109ba1873a0436a0d9818d6
Created: 13/02/2016 10:40:54 AM
Detections: 2
Determination: Ignore detections (false positive)
- ESET NOD32 as Detection.Undefined (Undefined)
- Avira AntiVirus as W32/Ramnit.A (Malware)

---------------------------------------------------------------------------------

File path: c:\users\henry\appdata\local\punkbuster\fc3\pb\pbcl.dll
Publisher:
MD5: a882b128e266a1084bd85e679fe2b496
SHA-1: 74c6186b50ed21f65f8142283c1b7d9284cd4a47
Created: 17/02/2016 7:14:54 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\henry\appdata\local\punkbuster\fc3\pb\pbcls.dll
Publisher:
MD5: a882b128e266a1084bd85e679fe2b496
SHA-1: 74c6186b50ed21f65f8142283c1b7d9284cd4a47
Created: 17/02/2016 7:14:51 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\ccleaner\lang\lang-1053.dll
Publisher:
MD5: 4926b412acaea103b916e36017e17ac6
SHA-1: a878023c1db66c29284b40822c495f2da2408eca
Created: 15/11/2016 12:25:56 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Spy.Zbot.avkc (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\daemon tools lite\lang\hun.dll
Publisher:
MD5: b2d8ad15925a3fa97d6705091a3f12bb
SHA-1: 2b439a98c86f3256d255d08fcb9566cae501ddb0
Created: 15/01/2016 6:55:12 AM
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path: c:\program files\daemon tools lite\lang\srl.dll
Publisher:
MD5: 4872ce9ddd6fda52d9e40f06d1391959
SHA-1: 0e15aa263aade2d432e8e2cdcdfac6f18cb0d1ed
Created: 15/01/2016 6:55:12 AM
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Virut.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\daemon tools lite\lang\trk.dll
Publisher:
MD5: f023c370367c9305f400371730777221
SHA-1: 00a46871f309001bfbba1398ec75af0ccc423e06
Created: 15/01/2016 6:55:12 AM
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as TR/Dropper.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\daemon tools lite\plugins\grabbers\tages.dll
Publisher: Disc Soft Ltd.
MD5: b4ea810dddd1d52d8a76d6d095afc33c
SHA-1: aab7a2e78d4dad80629a8f1f705b1f5cf93def35
Created: 3/12/2015 4:54:44 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W64.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\windowsapps\microsoft.freshpaint_1.0.13011.1_x86__8wekyb3d8bbwe\commonutils.dll
Publisher: Microsoft
MD5: 480dd92e0431ec654d94c86686091706
SHA-1: cdf608f769b0c35e442268de8f8cd5e996752293
Created: 1/05/2013 4:01:24 AM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Kazy.21282 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\windowsapps\microsoft.freshpaint_1.0.13011.1_x86__8wekyb3d8bbwe\coreengine.dll
Publisher: Microsoft
MD5: 7104c5d422a26a7b25ac7df3cec9bb51
SHA-1: b47191b3945c0d846647db887c43f9294351b923
Created: 1/05/2013 4:01:24 AM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Android.Trojan.GingerMaster.DM (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\amulec1\ed2k.exe
Publisher: http://www.amule.org/
MD5: 96631e9beac46a258b5ba2594a220259
SHA-1: 5290c50525251472c4cd0c427261b82bb28d931e
Created: 16/11/2016 10:59:48 AM
Detections: 3
Determination: Ignore detections (false positive)
- Bkav FE as W32.eHeur.Malware08 (Undefined)
- CrowdStrike as malicious_confidence_60% (D) (Undefined)
- Qihoo 360 Security as HEUR/QVM10.1.0000.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cyberlink\powerdvd10\audiofilter\dolbyhph.dll
Publisher: Lake Technology Limited, http://www.lake.com.au
MD5: 442b5be8aa79b0496c5d0234b78e20ce
SHA-1: 9956235bf6fe3a3220c73a84c8f57c951226655a
Created: 15/01/2013 1:11:00 PM
Detections: 2
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined)
- Avira AntiVirus as W32/Sality.AT (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\mozilla maintenance service\uninstall.exe
Publisher: Mozilla Corporation
MD5: 43b67df2d6f42deec7d04cf6a974eb67
SHA-1: 19ed0142fd58c74e1e7d9a92483bfb43a8fbf85e
Created: 16/04/2016 1:28:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Dropper.mm (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\the elder scrolls v skyrim\binkw32.dll
Publisher: RAD Game Tools, Inc.
MD5: 6c16d545b0717830773fb1ba4a195778
SHA-1: 4d205ef5ab7664f2e2b1de7b951824afa769ed61
Created: 15/02/2016 3:54:52 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\the elder scrolls v skyrim\skyrimlauncher.exe
Publisher: Bethesda Softworks
Signer: Bethesda Softworks
MD5: 53e9024dc5ef69d7727af3d89da3c0ad
SHA-1: 74e8c16804263530d1d3df6b589dcb47a2f43aa5
Created: 15/02/2016 3:56:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\ubisoft\farcry 3\bin\ubiorbitapi_r2_loader.dll
Publisher:
MD5: f137a84a1a52ec06183a32659dbfef71
SHA-1: fc6ce9ac83c03f95a118459bdea31239deac3327
Created: 15/02/2016 10:23:23 PM
Detections: 2
Determination: Inconclusive
- Comodo Security as ApplicUnwnt.Win32.CrackTool.Agent.~a (Adware)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\ubisoft\farcry 3\bin\pb\pbcl.dll
Publisher:
MD5: a882b128e266a1084bd85e679fe2b496
SHA-1: 74c6186b50ed21f65f8142283c1b7d9284cd4a47
Created: 16/02/2016 7:08:41 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\ubisoft\farcry 3\bin\pb\pbcls.dll
Publisher:
MD5: a882b128e266a1084bd85e679fe2b496
SHA-1: 74c6186b50ed21f65f8142283c1b7d9284cd4a47
Created: 16/02/2016 7:08:38 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\ubisoft\farcry 3\bin\pb\dll\wc002312.dll
Publisher:
MD5: a882b128e266a1084bd85e679fe2b496
SHA-1: 74c6186b50ed21f65f8142283c1b7d9284cd4a47
Created: 16/02/2016 7:08:42 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\wildgames\bejeweled 3\bejeweled3-wt.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: 8932f98bd67606690255efc8633ce780
SHA-1: 130790454e158f63112a65d64805b9e46d1b6c5a
Created: 26/01/2011 1:58:02 PM
Detections: 1
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as VIRUS_UNKNOWN (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\wildgames\peggle\peggle-wt.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: 95f4a4e5c2cf1f348772bf89b269e5fa
SHA-1: 6156d461966ff3aa27658ca17735b68092c6fabb
Created: 17/08/2010 12:29:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as JS:Exploit.BlackHole.HB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\wildtangent games\app\uninstall.exe
Publisher: WildTangent
Signer: WildTangent Inc
MD5: c5d025baa6e4ea91b363c8d53e6c509d
SHA-1: 9c08cd35422805d60f09e5de102d626c24710291
Created: 1/02/2013 12:51:24 PM
Detections: 3
Determination: Ignore detections (false positive)
- K7 AntiVirus as Trojan (Undefined)
- K7 Gateway Antivirus as Trojan (Undefined)
- The Hacker as Posible_Worm32 (Undefined)


RogueKiller V12.8.4.0 (x64) [Dec 5 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Henry [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/12/2016 15:03:30 (Duration : 00:16:19)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{DC638EEA-2BA2-4459-9C46-85A2F0BE6040} (C:\Program Files (x86)\WinZipper\wzShellctx64.dll) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Monold_protect ("C:\ProgramData\Monold\protect\protect.exe") -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 79dde02c62ccb3198f48838cfc02a4b3
[BSP] d28e338c2261577215d19a426d664c81 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 381547 MB
4 - Basic data partition | Offset (sectors): 783720448 | Size: 550703 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1911560192 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK
 

Can you please tell me what is the point of downloading all these applications and doing the same thing over and over again?

Making sure you are clean, you are good to go. I would not want someone to leave here still infected. :)

Your machine is clean.

Just re-run Rogue Killer and delete these two.

[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{DC638EEA-2BA2-4459-9C46-85A2F0BE6040} (C:\Program Files (x86)\WinZipper\wzShellctx64.dll) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Monold_protect ("C:\ProgramData\Monold\protect\protect.exe") -> Not selected


Glad to have helped!! Please tell a friend ...... or two about us.


Optimize your internet connection.

Click here for instructions.


Suggest the following in place of Adblock:
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.



Some items to keep you safe on the internet.


VooDoo Shield: control of what is running on your machine.
Qualys BrowserCheck to update plugins.
Web Of Trust to avoid shady websites.
Unchecky to avoid bundled software.
Privazer to clean up your machine.



Now let's clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right-click the tool and select Run as Admin (XP users: double-click).
Put a check mark next to the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location C:\DelFix.txt
 