
Windows script host C:\windows\run.vs

This is a discussion on Windows script host C:\windows\run.vs within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 06-19-2016, 10:57 AM   #1
Registered Member
 
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro



LOG IN FIRST REPLY. SORRY FOR DOUBLE POSTING.
So yesterday, or the day before to be specific, I downloaded some file from the internet and it turned out to be a virus. It started installing spam software such as nw.exe (I think that's the proper name) and some other stuff like a Chinese browser and some other Chinese software. I eventually managed to get rid of them all, and I am not sure if there are leftovers or what, but after rebooting I got this message and I can't find anything about it on the internet. So can you guys help me? That would be so much appreciated. Could this be a leftover?
Thank you.

PS: I also tried some YouTube video where you edit the registry, but it did not work.
One extra detail that might help: Chrome has been acting kind of weird since that day, setting the default search engine to "websearch" instead of "google"; every time I change it, it changes back automatically.
 
Old 06-19-2016, 10:58 AM   #2
Registered Member
 
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.420 BrowserJavaVersion: 11.91.2
Run by iCyPo at 19:50:57 on 2016-06-19
Microsoft Windows 10 Pro 10.0.10586.0.1252.1.1033.18.8154.5986 [GMT 2:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\system32\SettingSyncHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\iCyPo\AppData\Local\PackageStaging\Realtek HD\rthdcpl.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\iCyPo\AppData\Local\Temp\~nsuA.tmp\Au_.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.hao123.com/?tn=90098758_hao_pg
uLocal Page = %11%\blank.htm
uSearch Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqeVodSyzTpKg7v9TlXnT8hzwVrDfzGFf_EGELAL0M1461KCC3DuEFQE2iitioVskVALqGhfsdHWOwXyh-lj1zDuzBwUkmhEEbymd4Vdq8Ps9tBimgo5q0_lckHhZjzSI8kVEOx6zwA6bAK6BCquSZMj_an2FmwUcykLfxQl&q={searchTerms}
uSearch Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqeVodSyzTpKg7v9TlXnT8hzwVrDfzGFf_EGELAL0M1461KCC3DuEFQE2iitioVskVALqGhfsdHWOwXyh-lj1zDuzBwUkmhEEbymd4Vdq8Ps9tBimgo5q0_lckHhZjzSI8kVEOx6zwA6bAK6BCquSZMj_an2FmwUcykLfxQl&q={searchTerms}
mStart Page = hxxps://www.hao123.com/?tn=90098758_hao_pg
mWinlogon: Userinit = wscript C:\Windows\run.vbs,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\iCyPo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [QGuan10in1] C:\Users\iCyPo\AppData\Roaming\UPUpdata\service72564.exe /autorun
uRun: [QGuan10in12] C:\Users\iCyPo\AppData\Roaming\UPUpdata\service90132.exe /autorun
uRun: [msiql] C:\Users\iCyPo\AppData\Roaming\UPUpdata\msiql.exe /RUNNING
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EaseUS EPM tray] E:\Software\EaseUS Partition Master 11.0\bin\EpmNews.exe
mRun: [EaseUS Cleanup] "E:\Software\EaseUS Partition Master 11.0\bin\CleanUpUI.exe" 10 300
mRun: [apphide] C:\Program Files (x86)\badu\qq.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-Windows\System: UseOEMBackground = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{92db7dd9-9659-4e30-9291-4511d2e721eb} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
AppInit_DLLs= C:\ProgramData\Ronzap\Strongtamplus.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {65122CB0-EA0F-47DF-A953-017170ED12F9} - "C:\Program Files (x86)\UCBrowser\Application\5.6.12150.8\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-mWinlogon: Userinit = wscript C:\Windows\run.vbs,
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [gplyra] C:\Users\iCyPo\AppData\Roaming\gplyra\gplyra\start.cmd
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2016-6-7 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 UCGuard;UCGuard;C:\Windows\System32\drivers\ucguard.sys [2016-6-17 81792]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-6-6 56384]
R3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UsoSvc;Update Orchestrator Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S2 BitTorrent;BitTorrent; [x]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 dowidoly;Renew Single Click;C:\Program Files (x86)\03AA02FC-1466193586-05B0-D506-250700080009\jnso6B30.tmp --> C:\Program Files (x86)\03AA02FC-1466193586-05B0-D506-250700080009\jnso6B30.tmp [?]
S2 HpSvc;Hardware Protection Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 QQRepairFixSVC;QQRepairFixSVC;C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC --> C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [?]
S2 qyqijyrezbt;Arrow Read;C:\Program Files (x86)\03AA02FC-1466193586-05B0-D506-250700080009\knsq495A.tmpfs --> C:\Program Files (x86)\03AA02FC-1466193586-05B0-D506-250700080009\knsq495A.tmpfs [?]
S2 ReujosestogleCmmS;Reujosestogle Community;"C:\Program Files (x86)\Reujosestogle\ReujosestogleCmmS.xhtm5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} --> C:\Program Files (x86)\Reujosestogle\ReujosestogleCmmS.xhtm5 [?]
S2 rijufoze;Reservation Plastic;C:\Program Files (x86)\03AA02FC-1466193586-05B0-D506-250700080009\hnsv8811.tmp --> C:\Program Files (x86)\03AA02FC-1466193586-05B0-D506-250700080009\hnsv8811.tmp [?]
S2 TheDesktopWeatherService;The Desktop Weather Service;C:\Program Files (x86)\WeatherTool\2.0.1.11297\WeatherService.exe --> C:\Program Files (x86)\WeatherTool\2.0.1.11297\WeatherService.exe [?]
S2 zigipyro;Double Spaced Firewall;C:\Users\iCyPo\AppData\Local\03AA02FC-1466200974-05B0-D506-250700080009\qnsa41C.tmp --> C:\Users\iCyPo\AppData\Local\03AA02FC-1466200974-05B0-D506-250700080009\qnsa41C.tmp [?]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ampa;ampa;C:\Windows\System32\ampa.sys [2016-6-13 19568]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2016-2-13 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\Windows\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-6-6 28216]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2016-6-17 31800]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2016-6-7 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2016-6-15 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2016-6-7 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2016-6-7 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\Windows\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2016-4-28 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2016-6-7 26112]
S4 backlh;Background Logic Handler;C:\ProgramData\Logic Handler\set.exe [2016-6-17 2089472]
S4 CDPSvc;Connected Device Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 CloudPrinter;CloudPrinter;C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a --> C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f C:\ProgramData\\CloudPrinter\\CloudPrinter.dat [?]
S4 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-6-6 1165368]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-6-6 1881144]
S4 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-6-6 3634232]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-6-6 2522680]
S4 producyuodvye;Sunlight;C:\Users\iCyPo\AppData\Local\Sancode.exe propsctpyo producyuodvye --> C:\Users\iCyPo\AppData\Local\Sancode.exe propsctpyo producyuodvye [?]
S4 Ronzap;Ronzap;C:\ProgramData\\Ronzap\\Ronzap.exe shuz -f "C:\ProgramData\\Ronzap\\Ronzap.dat" -l -a --> C:\ProgramData\\Ronzap\\Ronzap.exe shuz -f C:\ProgramData\\Ronzap\\Ronzap.dat [?]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-6-6 410768]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2016-06-19 04:13:32 11895896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21873B35-2302-4826-B541-85A2742EF0E3}\mpengine.dll
2016-06-19 02:11:53 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\Gyazo
2016-06-19 01:11:43 11895896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-06-17 21:42:19 -------- d-----w- C:\Windows\pss
2016-06-17 21:19:12 38520 ----a-w- C:\Windows\SysWow64\drivers\TS888x64.sys
2016-06-17 20:53:39 -------- d-----w- C:\Users\iCyPo\AppData\Local\VS Revo Group
2016-06-17 20:53:20 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2016-06-17 20:53:20 -------- d-----w- C:\ProgramData\VS Revo Group
2016-06-17 20:53:18 -------- d-----w- C:\Program Files\VS Revo Group
2016-06-17 20:45:30 250912 ----a-w- C:\Windows\SysWow64\kz.exe
2016-06-17 20:44:54 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\tmp
2016-06-17 20:41:54 -------- d-----w- C:\Users\iCyPo\AppData\Local\UCBrowser
2016-06-17 20:41:53 81792 ----a-w- C:\Windows\System32\drivers\ucguard.sys
2016-06-17 20:29:52 92872 ----a-w- C:\Windows\System32\drivers\KuaiZipDrive.sys
2016-06-17 20:29:49 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\Softlink
2016-06-17 20:22:06 -------- d-----w- C:\Program Files\Common Files\Tencent
2016-06-17 20:22:04 143992 ----a-w- C:\Windows\System32\drivers\TAOKernelEx64.sys
2016-06-17 20:21:53 -------- d-----w- C:\ProgramData\TXQMPC
2016-06-17 20:21:22 97400 ----a-w- C:\Windows\System32\drivers\TFsFltX64.sys
2016-06-17 20:21:22 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2016-06-17 20:20:10 -------- d-----w- C:\ProgramData\Tencent
2016-06-17 20:10:41 -------- d-----w- C:\Users\iCyPo\AppData\Local\app
2016-06-17 20:08:25 54664 ----a-w- C:\Windows\System32\drivers\blNetFilter.sys.old
2016-06-17 20:03:53 -------- d-----w- C:\Users\iCyPo\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-06-17 20:03:45 -------- d-----w- C:\Program Files (x86)\Anonetionjse
2016-06-17 20:02:55 -------- d-----w- C:\Users\iCyPo\AppData\Local\03AA02FC-1466200974-05B0-D506-250700080009
2016-06-17 20:01:53 -------- d-----w- C:\Program Files (x86)\Common Files\Roundlam
2016-06-17 20:01:44 -------- d-----w- C:\Program Files\BitTorrent
2016-06-17 20:01:38 28160 ----a-w- C:\Users\iCyPo\AppData\Local\Sancode.exe
2016-06-17 20:01:11 -------- d-----w- C:\ProgramData\Logic Handler
2016-06-17 20:00:59 -------- d-----w- C:\ProgramData\Ronzaps
2016-06-17 20:00:49 -------- d-----w- C:\ProgramData\Ronzap
2016-06-17 20:00:23 -------- d-----w- C:\ProgramData\CloudPrinter
2016-06-17 04:35:02 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99A80168-7977-4956-9D03-66EB2E0381FF}\gapaengine.dll
2016-06-15 02:42:25 -------- d-----w- C:\Users\iCyPo\AppData\Local\Skyrim
2016-06-15 01:01:55 -------- d-----w- C:\Program Files\Common Files\VST2
2016-06-15 01:01:54 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2016-06-15 01:01:54 -------- d-----w- C:\Program Files (x86)\VstPlugins
2016-06-15 01:01:54 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2016-06-15 01:01:33 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\Image-Line
2016-06-15 01:01:32 -------- d-----w- C:\Program Files\Image-Line
2016-06-15 00:56:57 -------- d-----w- C:\Program Files (x86)\Image-Line
2016-06-15 00:55:20 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\TeamViewer
2016-06-15 00:48:56 -------- d-----w- C:\Program Files\Sony
2016-06-15 00:48:56 -------- d-----w- C:\Program Files (x86)\Sony
2016-06-15 00:47:45 -------- d-----w- C:\Windows\System32\appmgmt
2016-06-15 00:42:19 -------- d-----w- C:\Users\iCyPo\AppData\Local\Sony
2016-06-15 00:40:20 -------- d-----w- C:\Program Files\VideoLAN
2016-06-14 23:41:44 -------- d-----w- C:\Steam
2016-06-14 23:37:59 92352 ----a-w- C:\Windows\System32\acmigration.dll
2016-06-14 02:48:35 -------- d---a-w- C:\Program Files (x86)\Gyazo
2016-06-13 03:28:06 -------- d-----w- C:\Users\iCyPo\AppData\Local\CrashDumps
2016-06-13 03:25:14 -------- d-----w- C:\Users\iCyPo\AppData\Local\Rockstar Games
2016-06-13 03:05:07 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2016-06-13 03:03:24 -------- d-----w- C:\Windows\SysWow64\xlive
2016-06-13 03:03:24 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-06-13 02:32:45 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2016-06-13 02:24:09 -------- d-----w- C:\Users\iCyPo\AppData\Local\Diagnostics
2016-06-13 02:16:28 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\PowerISO
2016-06-13 01:38:29 -------- d-----w- C:\Windows\amlog
2016-06-13 01:27:10 1024 ---h--w- C:\AMTAG.BIN
2016-06-13 01:26:46 19568 ----a-w- C:\Windows\SysWow64\ampa.sys
2016-06-13 01:26:46 19568 ----a-w- C:\Windows\System32\ampa.sys
2016-06-13 01:26:46 1920624 ----a-w- C:\Windows\ampa.exe
2016-06-13 01:26:42 -------- d---a-w- C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.0
2016-06-12 21:13:56 -------- d-----w- C:\Users\iCyPo\AppData\Local\Programs
2016-06-12 19:20:43 -------- d-----w- C:\ProgramData\IDM
2016-06-12 02:05:05 -------- d-----w- C:\ProgramData\Steam
2016-06-11 20:04:46 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\TS3Client
2016-06-11 03:59:44 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\NVIDIA
2016-06-11 03:04:37 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2016-06-11 03:01:59 393728 ----a-w- C:\Windows\System32\CNMXLMBW.DLL
2016-06-11 02:59:27 -------- d-----w- C:\ProgramData\CanonIJWSpt
2016-06-11 02:14:12 -------- d-----w- C:\ProgramData\DriverTalent
2016-06-11 02:13:53 -------- d-----w- C:\Program Files (x86)\OSTotoSoft
2016-06-11 02:11:11 -------- d-----w- C:\Users\iCyPo\AppData\Local\ElevatedDiagnostics
2016-06-11 02:01:11 -------- d--h--w- C:\ProgramData\CanonIJScan
2016-06-11 01:59:31 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2016-06-11 01:46:19 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2016-06-11 01:45:02 101888 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPBW.DLL
2016-06-11 01:45:01 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDBW.DLL
2016-06-11 01:44:57 391168 ----a-w- C:\Windows\System32\CNMLMBW.DLL
2016-06-09 06:04:11 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\java
2016-06-09 06:02:54 -------- d-----w- C:\Users\iCyPo\.oracle_jre_usage
2016-06-09 06:02:51 97344 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-06-09 06:02:38 -------- d-----w- C:\ProgramData\Oracle
2016-06-09 05:57:07 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\.minecraft
2016-06-09 05:42:48 -------- d-----w- C:\Users\iCyPo\AppData\Local\PAYDAY
2016-06-07 21:09:46 -------- d-----w- C:\Program Files (x86)\Microsoft
2016-06-07 21:08:02 -------- d-----w- C:\Windows\SysWow64\directx
2016-06-07 20:04:13 112032 ----a-w- C:\Windows\System32\NvRtmpStreamer64.dll
2016-06-07 20:03:45 -------- d-----w- C:\ProgramData\Package Cache
2016-06-07 20:02:51 102976 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2016-06-07 18:10:36 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2016-06-07 1850 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2016-06-07 1848 778936 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2016-06-07 1848 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-06-07 1843 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2016-06-07 1843 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2016-06-07 1843 1166520 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2016-06-07 17:42:27 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\Dropbox
2016-06-07 17:35:02 -------- d-----w- C:\Users\iCyPo\AppData\Local\Dropbox
2016-06-07 17:34:38 137280 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2016-06-07 17:34:38 -------- d---a-w- C:\Program Files\PowerISO
2016-06-07 17:07:48 -------- d-----w- C:\Windows\System32\SleepStudy
2016-06-07 16:36:09 -------- d-----w- C:\Windows\System32\MRT
2016-06-07 16:33:59 984576 ----a-w- C:\Windows\System32\SettingSyncCore.dll
2016-06-07 16:32:59 99680 ----a-w- C:\Windows\System32\drivers\pdc.sys
2016-06-07 16:07:47 -------- d-----w- C:\Users\iCyPo\AppData\Local\CrashRpt
2016-06-07 16:04:52 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2016-06-07 16:04:00 484008 ------w- C:\Windows\System32\MpSigStub.exe
2016-06-07 11:15:15 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\uTorrent
2016-06-06 23:30:08 -------- d-----w- C:\Windows\Panther
2016-06-06 22:44:09 -------- d-----w- C:\Users\iCyPo\BrawlhallaReplays
2016-06-06 22:42:08 -------- d-----w- C:\Users\iCyPo\AppData\Roaming\BrawlhallaAir
2016-06-06 22:37:09 -------- d-sh--we C:\ProgramData\Documents
2016-06-06 22:37:09 -------- d-sh--we C:\Documents and Settings
2016-06-06 22:34:34 -------- d-sh--w- C:\Recovery
2016-06-06 19:59:08 1767944 ----a-w- C:\Windows\System32\nvspcap64.dll
2016-06-06 19:59:08 1756608 ----a-w- C:\Windows\System32\nvspbridge64.dll
2016-06-06 19:59:08 1377800 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2016-06-06 19:59:08 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2016-06-06 19:59:03 -------- d-----w- C:\Users\iCyPo\AppData\Local\NVIDIA Corporation
2016-06-06 19:59:03 -------- d-----w- C:\Users\iCyPo\AppData\Local\NVIDIA
2016-06-06 19:58:31 572048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2016-06-06 19:58:12 937800 ----a-w- C:\Windows\System32\nvvsvc.exe
2016-06-06 19:58:12 62608 ----a-w- C:\Windows\System32\nvshext.dll
2016-06-06 19:58:12 5121613 ----a-w- C:\Windows\System32\nvcoproc.bin
2016-06-06 19:58:12 3493008 ----a-w- C:\Windows\System32\nvsvc64.dll
2016-06-06 19:58:12 2558608 ----a-w- C:\Windows\System32\nvsvcr.dll
2016-06-06 19:58:11 6873928 ----a-w- C:\Windows\System32\nvcpl.dll
2016-06-06 19:58:11 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2016-06-06 19:57:56 112784 ----a-w- C:\Windows\System32\OpenCL.dll
2016-06-06 19:57:46 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2016-06-06 19:55:50 -------- d-----w- C:\Program Files\NVIDIA Corporation
2016-06-06 19:55:10 -------- d-----w- C:\NVIDIA
2016-06-06 17:53:55 -------- d-----w- C:\Users\iCyPo\AppData\Local\CEF
2016-06-06 17:53:54 -------- d-----w- C:\Users\iCyPo\AppData\Local\Steam
2016-06-06 17:40:00 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2016-06-06 17:39:58 -------- d-----w- C:\Program Files (x86)\Steam
2016-06-06 16:53:21 -------- d-----w- C:\Users\iCyPo\AppData\Local\Google
2016-06-06 16:47:02 -------- d-----w- C:\ProgramData\KMSAutoS
2016-06-06 16:37:51 -------- d-----w- C:\Users\iCyPo\AppData\Local\PeerDistRepub
2016-06-06 16:36:48 -------- d-----w- C:\Users\iCyPo\AppData\Local\MSfree Inc
2016-06-06 12:53:21 -------- d-----w- C:\Users\iCyPo\AppData\Local\MicrosoftEdge
2016-06-06 12:52:55 -------- d-----r- C:\Users\iCyPo\OneDrive
2016-06-06 12:50:47 -------- d-----w- C:\Users\iCyPo\AppData\Local\Comms
2016-06-06 12:50:30 -------- d-----w- C:\Users\iCyPo\AppData\Local\ActiveSync
2016-06-06 12:49:44 -------- d-----w- C:\Users\iCyPo\AppData\Local\Publishers
2016-06-06 12:49:38 -------- d-----w- C:\Users\iCyPo\AppData\Local\PackageStaging
2016-06-06 12:48:53 -------- d-----r- C:\Users\iCyPo\Searches
2016-06-06 12:48:53 -------- d-----r- C:\Users\iCyPo\Contacts
2016-06-06 12:48:38 -------- d-----w- C:\Users\iCyPo\AppData\Local\VirtualStore
2016-06-06 12:48:33 -------- d-----w- C:\Users\iCyPo\AppData\Local\Packages
2016-06-06 12:48:31 -------- d-----w- C:\Users\iCyPo\AppData\Local\TileDataLayer
.
==================== Find3M ====================
.
2016-06-14 18:33:01 828408 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-06-14 18:33:01 176632 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-28 06:13:27 46784 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-05-28 06:13:24 514752 ----a-w- C:\Windows\System32\devinv.dll
2016-05-28 06:13:24 290496 ----a-w- C:\Windows\System32\invagent.dll
2016-05-28 06:13:24 1401024 ----a-w- C:\Windows\System32\appraiser.dll
2016-05-28 06:13:24 1184960 ----a-w- C:\Windows\System32\aeinv.dll
2016-05-28 05:55:39 2718208 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2016-05-28 05:25:42 4268880 ----a-w- C:\Windows\SysWow64\setupapi.dll
2016-05-28 05:23:29 388384 ----a-w- C:\Windows\SysWow64\ws2_32.dll
2016-05-28 05:23:28 312160 ----a-w- C:\Windows\SysWow64\mswsock.dll
2016-05-28 05:22:29 7474528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-05-28 05:22:11 118624 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2016-05-28 05:22:08 211296 ----a-w- C:\Windows\System32\drivers\tpm.sys
2016-05-28 05:22:02 4387680 ----a-w- C:\Windows\System32\setupapi.dll
2016-05-28 05:20:21 430312 ----a-w- C:\Windows\System32\ws2_32.dll
2016-05-28 05:18:49 357216 ----a-w- C:\Windows\System32\mswsock.dll
2016-05-28 05:09:52 84832 ----a-w- C:\Windows\SysWow64\NetSetupApi.dll
2016-05-28 05:09:50 501600 ----a-w- C:\Windows\SysWow64\NetSetupEngine.dll
2016-05-28 05:09:27 170848 ----a-w- C:\Windows\System32\NetworkUXBroker.exe
2016-05-28 05:08:59 693600 ----a-w- C:\Windows\System32\NetSetupEngine.dll
2016-05-28 05:08:51 115040 ----a-w- C:\Windows\System32\NetSetupApi.dll
2016-05-28 05:08:25 258912 ----a-w- C:\Windows\System32\drivers\ufx01000.sys
2016-05-28 05:07:46 957608 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-05-28 05:07:45 331616 ----a-w- C:\Windows\System32\drivers\pci.sys
2016-05-28 05:07:40 703840 ----a-w- C:\Windows\SysWow64\WWAHost.exe
2016-05-28 05:07:19 1322248 ----a-w- C:\Windows\System32\ole32.dll
2016-05-28 05:07:12 808288 ----a-w- C:\Windows\System32\WWAHost.exe
2016-05-28 0536 254656 ----a-w- C:\Windows\SysWow64\LockAppHost.exe
2016-05-28 0509 4074160 ----a-w- C:\Windows\SysWow64\explorer.exe
2016-05-28 0505 730344 ----a-w- C:\Windows\System32\Windows.Internal.Shell.Broker.dll
2016-05-28 0505 303216 ----a-w- C:\Windows\System32\LockAppHost.exe
2016-05-28 05:05:38 4515264 ----a-w- C:\Windows\explorer.exe
2016-05-28 05:04:44 161632 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-28 05:04:42 604928 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-05-28 05:04:41 111064 ----a-w- C:\Windows\System32\ncryptsslp.dll
2016-05-28 05:04:37 97096 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2016-05-28 05:04:37 360480 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-05-28 05:04:34 431296 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-05-28 05:03:58 131248 ----a-w- C:\Windows\System32\gpapi.dll
2016-05-28 04:58:04 379232 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-28 04:58:02 1996640 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-05-28 04:57:58 649792 ----a-w- C:\Windows\System32\dxgi.dll
2016-05-28 04:57:58 2548944 ----a-w- C:\Windows\System32\d3d10warp.dll
2016-05-28 04:57:56 316256 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-28 04:57:55 636304 ----a-w- C:\Windows\System32\fontdrvhost.exe
2016-05-28 04:57:53 577376 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys
2016-05-28 04:57:42 2195632 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2016-05-28 04:57:41 521664 ----a-w- C:\Windows\SysWow64\dxgi.dll
2016-05-28 04:57:40 546456 ----a-w- C:\Windows\SysWow64\fontdrvhost.exe
2016-05-28 04:57:30 1594416 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-28 04:57:05 1372312 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-28 04:35:16 89088 ----a-w- C:\Windows\System32\MapsCSP.dll
2016-05-28 04:35:13 123392 ----a-w- C:\Windows\System32\tdlrecover.exe
2016-05-28 04:35:09 31744 ----a-w- C:\Windows\System32\drivers\dumpsdport.sys
2016-05-28 04:31:21 91648 ----a-w- C:\Windows\SysWow64\tdlrecover.exe
2016-05-28 04:31:15 88576 ----a-w- C:\Windows\SysWow64\olepro32.dll
2016-05-28 04:31:14 66560 ----a-w- C:\Windows\System32\MosHostClient.dll
2016-05-28 04:29:59 79360 ----a-w- C:\Windows\System32\adhsvc.dll
2016-05-28 04:29:39 19456 ----a-w- C:\Windows\System32\httpprxp.dll
2016-05-28 04:29:23 45568 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-28 04:29:04 22379008 ----a-w- C:\Windows\System32\edgehtml.dll
2016-05-28 04:28:22 90112 ----a-w- C:\Windows\System32\FwRemoteSvr.dll
2016-05-28 04:28:19 118272 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-28 04:28:11 166400 ----a-w- C:\Windows\System32\MusNotification.exe
2016-05-28 04:27:48 28672 ----a-w- C:\Windows\System32\mapsupdatetask.dll
2016-05-28 04:27:06 50176 ----a-w- C:\Windows\SysWow64\MosHostClient.dll
2016-05-28 04:26:55 199168 ----a-w- C:\Windows\System32\InstallAgent.exe
2016-05-28 04:26:52 50176 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2016-05-28 04:26:45 74752 ----a-w- C:\Windows\System32\MosStorage.dll
2016-05-28 04:26:16 157184 ----a-w- C:\Windows\System32\dmcertinst.exe
2016-05-28 04:26:12 145920 ----a-w- C:\Windows\System32\omadmclient.exe
2016-05-28 04:26:11 120320 ----a-w- C:\Windows\System32\MapsBtSvc.dll
2016-05-28 04:25:51 51200 ----a-w- C:\Windows\System32\gpscript.dll
2016-05-28 04:25:22 37376 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-28 04:24:38 72704 ----a-w- C:\Windows\System32\moshost.dll
2016-05-28 04:24:38 124928 ----a-w- C:\Windows\System32\drivers\Ndu.sys
2016-05-28 04:24:35 91136 ----a-w- C:\Windows\System32\browserbroker.dll
2016-05-28 04:24:20 67072 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2016-05-28 04:24:20 53760 ----a-w- C:\Windows\SysWow64\FwRemoteSvr.dll
2016-05-28 04:24:17 93696 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-28 04:24:13 218624 ----a-w- C:\Windows\System32\cdd.dll
2016-05-28 04:24:01 86528 ----a-w- C:\Windows\System32\AppCapture.dll
2016-05-28 04:23:26 155136 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2016-05-28 04:22:59 464896 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2016-05-28 04:22:55 161280 ----a-w- C:\Windows\SysWow64\InstallAgent.exe
2016-05-28 04:22:46 368640 ----a-w- C:\Windows\System32\usocore.dll
2016-05-28 04:22:45 59904 ----a-w- C:\Windows\SysWow64\MosStorage.dll
2016-05-28 04:22:43 79872 ----a-w- C:\Windows\System32\cryptsvc.dll
2016-05-28 04:22:39 406528 ----a-w- C:\Windows\System32\MusUpdateHandlers.dll
2016-05-28 04:22:37 278528 ----a-w- C:\Windows\System32\drivers\netbt.sys
2016-05-28 04:22:17 269824 ----a-w- C:\Windows\System32\moshostcore.dll
2016-05-28 04:22:11 87040 ----a-w- C:\Windows\SysWow64\MapsBtSvc.dll
2016-05-28 04:22:06 163328 ----a-w- C:\Windows\System32\tetheringservice.dll
2016-05-28 04:21:52 42496 ----a-w- C:\Windows\SysWow64\gpscript.dll
2016-05-28 04:21:48 239104 ----a-w- C:\Windows\System32\BrokerLib.dll
2016-05-28 04:21:29 550912 ----a-w- C:\Windows\System32\StoreAgent.dll
2016-05-28 04:21:27 190464 ----a-w- C:\Windows\System32\wscsvc.dll
2016-05-28 04:21:09 207360 ----a-w- C:\Windows\System32\NetSetupSvc.dll
2016-05-28 04:20:54 199168 ----a-w- C:\Windows\System32\GnssAdapter.dll
.
============= FINISH: 19:52:50.37 ===============
iCyZ is offline  
Old 06-19-2016, 11:05 PM   #3
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello iCyZ,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================================================

Things I need to see in your next post:

  • AdwCleaner[C#].txt
  • FRST.txt
  • Addition.txt
__________________
tekir06 is offline  
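The AdwCleaner[S1] log posted later in this thread records `Winlogon [Userinit] - wscript C:\Windows\run.vbs,`: the malware replaced the Userinit value so that Windows Script Host runs run.vbs at every logon. Once that script has been removed but the registry value is left behind, WSH reports at each logon that it cannot find C:\Windows\run.vbs, which is the error in the thread title, and the cure is to restore the value to the stock `C:\Windows\system32\userinit.exe,` rather than to hunt for the script. The Python script below is an added example, not part of this thread, of AdwCleaner or of FRST: it parses the AdwCleaner log format as posted here (`***** [ Section ] *****` headers and `Kind Found : detail` lines) and ranks the entries by the persistence mechanism they represent, so the Userinit, AppInit_DLLs, WMI-subscription and driver lines stand out from the many leftover keys. The severity ranking and the rule list are assumptions of this example; the embedded sample log is an excerpt of the S1 log from this thread.

```python
"""Triage an AdwCleaner v5 scan log for persistence mechanisms.

Added example for this thread, not part of AdwCleaner or FRST. The log grammar
is taken from the logs posted in the thread; the severities are an assumption.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:\[-\] )?(?P<kind>Service|Folder|File|Task|Key|Value|Data) "
    r"(?:Found|Deleted) : (?P<detail>.+)$"
)

# Stock Userinit value on a 64-bit Windows install; the trailing comma is normal.
DEFAULT_USERINIT = r"C:\Windows\system32\userinit.exe,"

# Registry/WMI locations (matched on the lower-cased entry) that execute code at
# boot or logon. First match wins, so the most specific patterns come first.
PERSISTENCE_RULES = [
    (r"\\winlogon \[userinit\]", "critical",
     "Winlogon Userinit hijack: runs at every logon before the shell; if the script "
     "it points at is deleted, WSH reports a missing script file at each logon"),
    (r"\[appinit_dlls\]", "high",
     "AppInit_DLLs: DLL loaded into every process that links user32.dll"),
    (r"\\root\\subscription\\", "high",
     "WMI event subscription: fileless persistence that survives file deletion"),
    (r"\\image file execution options\\", "medium",
     "IFEO entry: debugger hook on a named executable"),
    (r"\\safeboot\\", "medium", "SafeBoot entry: component kept alive in Safe Mode"),
    (r"\\currentversion\\run \[", "medium", "Run key autostart"),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def parse_log(text):
    """Return {section_name: [(kind, detail), ...]} for an AdwCleaner log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append((entry.group("kind"), entry.group("detail")))
    return sections


def userinit_value(text):
    """Return the Userinit data AdwCleaner flagged, or None if it was not flagged."""
    for kind, detail in parse_log(text).get("Registry", []):
        if kind == "Data" and "[userinit]" in detail.lower():
            return detail.split(" - ", 1)[1]
    return None


def triage(text):
    """Rank the log's entries by how directly they give the malware execution."""
    sections = parse_log(text)
    findings = []

    def add(severity, kind, detail, why):
        findings.append({"severity": severity, "kind": kind, "detail": detail, "why": why})

    for section in ("Registry", "WMI"):
        for kind, detail in sections.get(section, []):
            low = detail.lower()
            for pattern, severity, why in PERSISTENCE_RULES:
                if re.search(pattern, low):
                    add(severity, kind, detail, why)
                    break
    for kind, detail in sections.get("Files", []):
        if detail.lower().endswith(".sys"):
            add("high", kind, detail, "kernel driver dropped into a drivers directory")
    for kind, detail in sections.get("Services", []):
        add("medium", kind, detail, "unwanted service (check its ImagePath before deleting)")
    for kind, detail in sections.get("Scheduled tasks", []):
        add("medium", kind, detail, "scheduled task with a generic or system-like name")

    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


# Excerpt of the AdwCleaner[S1] log posted in this thread (blank lines dropped).
SAMPLE_LOG = r"""
***** [ Services ] *****
Service Found : Ronzap
Service Found : UCGuard
***** [ Files ] *****
File Found : C:\Windows\SysWOW64\findit.xml
File Found : C:\Windows\SysNative\drivers\ucguard.sys
***** [ WMI ] *****
Key Found : \root\subscription\\ActiveScriptEventConsumer [ASEC]
***** [ Scheduled tasks ] *****
Task Found : tasklist
***** [ Registry ] *****
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Strongtamplus.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] - wscript C:\Windows\run.vbs,
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [apphide]
"""

if __name__ == "__main__":
    current = userinit_value(SAMPLE_LOG)
    if current is not None and current != DEFAULT_USERINIT:
        print(f"Userinit is {current!r}; restore it to {DEFAULT_USERINIT!r}")
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:8}] {f['kind']:7} {f['detail']}\n           {f['why']}")
```

Run it against a saved `C:\AdwCleaner\AdwCleaner[S#].txt` by replacing `SAMPLE_LOG` with the file contents; the point is to read the critical and high lines first, and to compare the Userinit value with the stock one instead of only deleting the script it names.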
Old 06-20-2016, 12:12 PM   #4
Registered Member
 
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro



Here's what happened: I downloaded AdwCleaner and did everything you told me, but when the scan is done and I start deleting viruses, the software goes "not responding" and it takes forever. It took about an hour and a half and the bar was still at 0%. Is that normal? I aborted it and started the process all over again, but this time fewer viruses were detected, and again it took about an hour before I aborted it (every time I abort, the PC gets so slow that it does not launch anything, so I have to restart). The second time I restarted, Windows logged in to a temporary account and I had to set a PIN and a password like the first time installing Windows. I restarted again and it logged in normally to the old user. I now don't know what to do, please help. Is this scanner safe or compatible with Windows 10?
waiting for your reply,
thanks.
iCyZ is offline  
Old 06-20-2016, 11:36 PM   #5
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello iCyZ,

Yes. AdwCleaner is a safe tool and is compatible with Windows 10. Did you run the FRST tool? Is there a problem?
__________________
tekir06 is offline  
Old 06-21-2016, 10:41 AM   #6
Registered Member
 
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro



My internet has some download problems. I called the provider and they said it's a matter of days until they fix it. Can you please not lock this topic?
iCyZ is offline  
Old 06-21-2016, 11:11 PM   #7
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello iCyZ,

Ok. I will wait. The topic will remain open.
__________________
tekir06 is offline  
Old 06-29-2016, 04:27 AM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello iCyZ,

Is your internet fixed? Will you continue with the topic?
__________________
tekir06 is offline  
Old 07-02-2016, 12:47 AM   #9
Registered Member
 
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro



Sorry for the late reply, I just got my internet fixed a couple of days ago.
I will now download the needed software and continue the process.
iCyZ is offline  
Old 07-02-2016, 10:48 AM   #10
Registered Member
 
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro



The software (ADWC) crashed a couple of times, so it made more than one text file (6 to be exact). I will post them all.

AdwCleaner[C1]:
# AdwCleaner v5.200 - Logfile created 20/06/2016 at 19:39:35
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QMUdisk
[-] Service Deleted : TheDesktopWeatherService
[-] Service Deleted : softaal
[-] Service Deleted : CloudPrinter
[-] Service Deleted : SRepairDrv
[-] Service Deleted : tsnethlpx64
[-] Service Deleted : Ronzap


AdwCleaner[C2]:
# AdwCleaner v5.200 - Logfile created 20/06/2016 at 19:59:34
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****




AdwCleaner[C3]:
# AdwCleaner v5.201 - Logfile created 02/07/2016 at 09:51:00
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****



AdwCleaner[S1]:
# AdwCleaner v5.200 - Logfile created 20/06/2016 at 19:35:01
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : QMUdisk
Service Found : TheDesktopWeatherService
Service Found : softaal
Service Found : CloudPrinter
Service Found : SRepairDrv
Service Found : tsnethlpx64
Service Found : Ronzap
Service Found : UCGuard
Service Found : backlh
Service Found : zigipyro
Service Found : QQRepairFixSVC
Service Found : dowidoly
Service Found : qyqijyrezbt
Service Found : rijufoze
Service Found : zigipyro

***** [ Folders ] *****

Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\TXQMPC
Folder Found : C:\ProgramData\CloudPrinter
Folder Found : C:\ProgramData\Ronzap
Folder Found : C:\ProgramData\Ronzaps
Folder Found : C:\ProgramData\Logic Handler
Folder Found : C:\ProgramData\Application Data\tencent
Folder Found : C:\ProgramData\Application Data\TXQMPC
Folder Found : C:\ProgramData\Application Data\CloudPrinter
Folder Found : C:\ProgramData\Application Data\Ronzap
Folder Found : C:\ProgramData\Application Data\Ronzaps
Folder Found : C:\ProgramData\Application Data\Logic Handler
Folder Found : C:\Users\Public\Documents\Guid
Folder Found : C:\Program Files (x86)\Common Files\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\Temp\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
Folder Found : C:\Users\iCyPo\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Folder Found : C:\Users\iCyPo\AppData\Local\03AA02FC-1466200974-05B0-D506-250700080009
Folder Found : C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Folder Found : C:\Program Files\Common Files\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\VirtualStore\Program Files (x86)\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\app

***** [ Files ] *****

File Found : C:\Windows\SysWOW64\findit.xml
File Found : C:\Windows\SysWOW64\drivers\TS888x64.sys
File Found : C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pinhfkamckbogjgmbmdkdebbbpnmlaef_0.localstorage
File Found : C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found : C:\Windows\SysNative\drivers\TAOKernelEx64.sys
File Found : C:\Windows\SysNative\drivers\ucguard.sys

***** [ DLL ] *****


***** [ WMI ] *****

Key Found : \root\subscription\\ActiveScriptEventConsumer [ASEC]

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : tasklist
Task Found : tasklist

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Value Found : HKCU\Environment [SNF]
Value Found : HKCU\Environment [SNP]
Key Found : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Key Found : HKEY_CLASSES_ROOT\.qmgc
Key Found : HKLM\SOFTWARE\Classes\UCHTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : HKLM\SOFTWARE\Classes\metnsd
Key Found : HKLM\SOFTWARE\Classes\qmgcfiles
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\csastats
Key Found : HKCU\Software\mtRonzap
Key Found : HKCU\Software\UCBrowserPID
Key Found : HKCU\Software\KuaiZip
Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKLM\SOFTWARE\mtRonzap
Key Found : HKLM\SOFTWARE\UCBrowserPID
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\csastats
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\mtRonzap
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\UCBrowserPID
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\KuaiZip
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{528DE932-CECC-4DD6-B9F2-8269587ADBD0}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B5D45767-D8DB-486A-9353-045B361E8C6D}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F467A4A2-4086-49B4-924D-94555F9AE818}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E6122292-43E3-4AD7-BF17-E1537DE2DE13}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{50D83406-7C23-44D6-A2FA-C56D57B4A2C1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2119D14F-7E5F-4A65-923A-C994A33AD08E}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{91E4D4CC-9273-4FD4-83D5-E31C4B492687}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{67BD5DBB-1FB0-4AD0-960C-9A8F57DAC574}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0FF99C15-259A-42A6-B2EF-83C3D6047DAD}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7D851A33-CCB0-4A00-A248-E006202C9330}]
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Strongtamplus.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Med-Air.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] - wscript C:\Windows\run.vbs,
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [apphide]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CloudPrinter
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Ronzap
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\backlh

***** [ Web browsers ] *****

[C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8469 bytes] - [20/06/2016 19:35:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8542 bytes] ##########


AdwCleaner[S2]:
# AdwCleaner v5.200 - Logfile created 20/06/2016 at 19:57:53
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : UCGuard
Service Found : backlh
Service Found : zigipyro
Service Found : QQRepairFixSVC
Service Found : dowidoly
Service Found : qyqijyrezbt
Service Found : rijufoze
Service Found : zigipyro

***** [ Folders ] *****

Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\TXQMPC
Folder Found : C:\ProgramData\CloudPrinter
Folder Found : C:\ProgramData\Ronzap
Folder Found : C:\ProgramData\Ronzaps
Folder Found : C:\ProgramData\Logic Handler
Folder Found : C:\ProgramData\Application Data\tencent
Folder Found : C:\ProgramData\Application Data\TXQMPC
Folder Found : C:\ProgramData\Application Data\CloudPrinter
Folder Found : C:\ProgramData\Application Data\Ronzap
Folder Found : C:\ProgramData\Application Data\Ronzaps
Folder Found : C:\ProgramData\Application Data\Logic Handler
Folder Found : C:\Users\Public\Documents\Guid
Folder Found : C:\Program Files (x86)\Common Files\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\Temp\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
Folder Found : C:\Users\iCyPo\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Folder Found : C:\Users\iCyPo\AppData\Local\03AA02FC-1466200974-05B0-D506-250700080009
Folder Found : C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Folder Found : C:\Program Files\Common Files\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\VirtualStore\Program Files (x86)\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\app

***** [ Files ] *****

File Found : C:\Windows\SysWOW64\findit.xml
File Found : C:\Windows\SysWOW64\drivers\TS888x64.sys
File Found : C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pinhfkamckbogjgmbmdkdebbbpnmlaef_0.localstorage
File Found : C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found : C:\Windows\SysNative\drivers\TAOKernelEx64.sys
File Found : C:\Windows\SysNative\drivers\ucguard.sys

***** [ DLL ] *****


***** [ WMI ] *****

Key Found : \root\subscription\\ActiveScriptEventConsumer [ASEC]

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : tasklist
Task Found : tasklist

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Value Found : HKCU\Environment [SNF]
Value Found : HKCU\Environment [SNP]
Key Found : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Key Found : HKEY_CLASSES_ROOT\.qmgc
Key Found : HKLM\SOFTWARE\Classes\UCHTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : HKLM\SOFTWARE\Classes\metnsd
Key Found : HKLM\SOFTWARE\Classes\qmgcfiles
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\csastats
Key Found : HKCU\Software\mtRonzap
Key Found : HKCU\Software\UCBrowserPID
Key Found : HKCU\Software\KuaiZip
Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKLM\SOFTWARE\mtRonzap
Key Found : HKLM\SOFTWARE\UCBrowserPID
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\csastats
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\mtRonzap
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\UCBrowserPID
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\KuaiZip
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{528DE932-CECC-4DD6-B9F2-8269587ADBD0}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B5D45767-D8DB-486A-9353-045B361E8C6D}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F467A4A2-4086-49B4-924D-94555F9AE818}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E6122292-43E3-4AD7-BF17-E1537DE2DE13}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{50D83406-7C23-44D6-A2FA-C56D57B4A2C1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2119D14F-7E5F-4A65-923A-C994A33AD08E}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{91E4D4CC-9273-4FD4-83D5-E31C4B492687}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{67BD5DBB-1FB0-4AD0-960C-9A8F57DAC574}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0FF99C15-259A-42A6-B2EF-83C3D6047DAD}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7D851A33-CCB0-4A00-A248-E006202C9330}]
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Strongtamplus.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Med-Air.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] - wscript C:\Windows\run.vbs,
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [apphide]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CloudPrinter
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Ronzap
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\backlh

***** [ Web browsers ] *****

[C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [593 bytes] - [20/06/2016 19:39:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [8641 bytes] - [20/06/2016 19:35:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [8409 bytes] - [20/06/2016 19:57:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8482 bytes] ##########
AdwCleaner[S3]:
# AdwCleaner v5.201 - Logfile created 02/07/2016 at 09:48:32
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Downloads\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : UCGuard
Service Found : backlh
Service Found : zigipyro
Service Found : QQRepairFixSVC
Service Found : dowidoly
Service Found : qyqijyrezbt
Service Found : rijufoze
Service Found : zigipyro

***** [ Folders ] *****

Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\TXQMPC
Folder Found : C:\ProgramData\CloudPrinter
Folder Found : C:\ProgramData\Ronzap
Folder Found : C:\ProgramData\Ronzaps
Folder Found : C:\ProgramData\Logic Handler
Folder Found : C:\ProgramData\Application Data\tencent
Folder Found : C:\ProgramData\Application Data\TXQMPC
Folder Found : C:\ProgramData\Application Data\CloudPrinter
Folder Found : C:\ProgramData\Application Data\Ronzap
Folder Found : C:\ProgramData\Application Data\Ronzaps
Folder Found : C:\ProgramData\Application Data\Logic Handler
Folder Found : C:\Users\Public\Documents\Guid
Folder Found : C:\Program Files (x86)\Common Files\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\Temp\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
Folder Found : C:\Users\iCyPo\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Folder Found : C:\Users\iCyPo\AppData\Local\03AA02FC-1466200974-05B0-D506-250700080009
Folder Found : C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Folder Found : C:\Program Files\Common Files\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\VirtualStore\Program Files (x86)\tencent
Folder Found : C:\Users\iCyPo\AppData\Local\app

***** [ Files ] *****

File Found : C:\END
File Found : C:\Windows\SysWOW64\findit.xml
File Found : C:\Windows\SysWOW64\drivers\TS888x64.sys
File Found : C:\Users\iCyPo\AppData\Local\Temp\Utils.dll
File Found : C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pinhfkamckbogjgmbmdkdebbbpnmlaef_0.localstorage
File Found : C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found : C:\Windows\SysNative\drivers\TAOKernelEx64.sys
File Found : C:\Windows\SysNative\drivers\ucguard.sys

***** [ DLL ] *****


***** [ WMI ] *****

Key Found : \root\subscription\\ActiveScriptEventConsumer [ASEC]

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : tasklist
Task Found : tasklist

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Value Found : HKCU\Environment [SNF]
Value Found : HKCU\Environment [SNP]
Key Found : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Key Found : HKEY_CLASSES_ROOT\.qmgc
Key Found : HKLM\SOFTWARE\Classes\UCHTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
Key Found : HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : HKLM\SOFTWARE\Classes\metnsd
Key Found : HKLM\SOFTWARE\Classes\qmgcfiles
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\csastats
Key Found : HKCU\Software\mtRonzap
Key Found : HKCU\Software\UCBrowserPID
Key Found : HKCU\Software\KuaiZip
Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKLM\SOFTWARE\mtRonzap
Key Found : HKLM\SOFTWARE\UCBrowserPID
Key Found : HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Key Found : HKLM\SOFTWARE\dllpop100
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Key Found : HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\csastats
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\mtRonzap
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\UCBrowserPID
Key Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\KuaiZip
Key Found : HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{528DE932-CECC-4DD6-B9F2-8269587ADBD0}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B5D45767-D8DB-486A-9353-045B361E8C6D}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F467A4A2-4086-49B4-924D-94555F9AE818}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E6122292-43E3-4AD7-BF17-E1537DE2DE13}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{50D83406-7C23-44D6-A2FA-C56D57B4A2C1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2119D14F-7E5F-4A65-923A-C994A33AD08E}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{91E4D4CC-9273-4FD4-83D5-E31C4B492687}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{67BD5DBB-1FB0-4AD0-960C-9A8F57DAC574}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0FF99C15-259A-42A6-B2EF-83C3D6047DAD}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7D851A33-CCB0-4A00-A248-E006202C9330}]
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Strongtamplus.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Med-Air.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] - wscript C:\Windows\run.vbs,
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [apphide]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-2475911614-839709902-1613718654-1001\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CloudPrinter
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Ronzap
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\backlh

***** [ Web browsers ] *****

[C:\Users\iCyPo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [593 bytes] - [20/06/2016 19:39:35]
C:\AdwCleaner\AdwCleaner[C2].txt - [346 bytes] - [20/06/2016 19:59:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [8641 bytes] - [20/06/2016 19:35:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [8581 bytes] - [20/06/2016 19:57:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [8960 bytes] - [02/07/2016 09:48:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [9033 bytes] ##########
Attached Files: FRST.txt (141.7 KB), Addition.txt (29.5 KB)
iCyZ is offline  
Old 07-02-2016, 01:55 PM   #11
Security Team Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello iCyZ,

Quote:
AdwCleaner[C3]:
# AdwCleaner v5.201 - Logfile created 02/07/2016 at 09:51:00
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : iCyPo - ICY
# Running from : C:\Users\iCyPo\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

This log seems to be missing. Please can you send it again?
tekir06 is offline
Old 07-03-2016, 05:42 AM   #12
Registered Member
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro

Quote:
Originally Posted by tekir06
Hello iCyZ,

This log seems to be missing. Please can you send it again?

It's not complete, I think, because the software crashed.

So what do I do now?
iCyZ is offline  
Old 07-03-2016, 02:35 PM   #13
Security Team Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello iCyZ,

Are you running a legal copy of Windows 10 or any MS product?
tekir06 is offline  
Old 07-03-2016, 06:39 PM   #14
Registered Member
Join Date: Jun 2016
Posts: 10
OS: Windows 10 pro

Nope, it's a random one from the internet and I activated it with some illegal software.
iCyZ is offline  
Old 07-05-2016, 11:29 AM   #15
Security Team Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello iCyZ,

You are running a pirated copy of Windows, and Office.

As you should have read in our pre-posting thread:

IMPORTANT - Read This Before Posting For Malware Removal Help

* It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.

This thread shall now be closed.
tekir06 is offline  