Script ZHPFix [HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon [HKCU\Software\SparkTrust] =>Rogue.PCCleanerPlus [HKLM\Software\Wow6432Node\SparkTrust] =>Rogue.PCCleanerPlus C:\ProgramData\InstallMate =>PUP.Tarma^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^ C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^ C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^ [HKCU\Software\Snoozer] =>PUP.LuaRT^ [HKCR\CLSID\{5828227c-20cf-4408-b73f-73ab70b8849f}] (UMRDPProtocolManagerAdaptor Class) =>PUP.Manager^ [HKCR\CLSID\{F81B1B56-7613-4ee4-BC05-1FAB5DE5C07E}] (MFMP4PropertyHandler Class) =>PUP.Sogou^ P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.6] - (.VideoLAN - VLC media player Web Plugin.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll =>.VideoLAN P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.8] - (.VideoLAN - VLC media player Web Plugin.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll =>.VideoLAN P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.3] - (.VideoLAN - VLC media player Web Plugin.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll =>.VideoLAN P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.2.0] - (.VideoLAN - VLC media player Web Plugin.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll =>.VideoLAN R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (11.00.9600.17728 (winblue_r9.150312-1720)) -- C:\Windows\SysWOW64\ieframe.dll O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\windows\system32\pnrpnsp.dll O10 - WLSP:\000000000009\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Default MHTML Editor: Last - .(...) - (.not file.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [266] =>Trojan.AutoKMS O39 - APT: - (..) -- C:\Windows\System32\Tasks\AutoKMS [266] =>Trojan.AutoKMS O41 - Driver: (BAPIDRV) . (. - .) - C:\Windows\System32\DRIVERS\BAPIDRV64.sys (.not file.) [HKCU\Software\Baidu Security] [HKCU\Software\Snoozer] =>PUP.LuaRT [HKCU\Software\SparkTrust] =>Rogue.PCCleanerPlus [HKLM\Software\Wow6432Node\SparkTrust] =>Rogue.PCCleanerPlus O43 - CFD: 24/09/2013 - 12:54:26 - [] ----D C:\Program Files (x86)\Bonjour O43 - CFD: 06/02/2014 - 20:40:07 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma O43 - CFD: 17/04/2015 - 00:57:59 - [] ----D C:\Users\TOSHIBA\AppData\Local\Temp O45 - LFCP:[MD5.43B7DD81B56E26D62D0F1C22DB86BA12] - 07/04/2015 - 20:35:50 ---A- - C:\Windows\Prefetch\BINGBARSETUP-PARTNER.EXE-CDAA0746.pf =>Toolbar.Bing O53 - SMSR:HKLM\...\startupreg\GDataUsbProtection [Key] . (...) -- C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe (.not file.) C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_randomkeygen.com_0.localstorage =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_randomkeygen.com_0.localstorage-journal =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.topcracker.com_0.localstorage =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.topcracker.com_0.localstorage-journal =>.Crack,Keygen C:\Users\TOSHIBA\Desktop\New folder\New folder (3)\Keygen-REPT\Keygen.exe =>.Crack,Keygen C:\Users\TOSHIBA\Desktop\New folder (2)\ASO 3.5 VALID Keygen (Lyon275).exe =>.Crack,Keygen C:\Users\TOSHIBA\Downloads\Auslogics BoostSpeed Premium 7.8.1.0 + Keygen.rar =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_randomkeygen.com_0.localstorage =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_randomkeygen.com_0.localstorage-journal =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.topcracker.com_0.localstorage =>.Crack,Keygen C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.topcracker.com_0.localstorage-journal =>.Crack,Keygen C:\Users\TOSHIBA\Desktop\New folder\New folder (3)\Keygen-REPT\Keygen.exe =>.Crack,Keygen C:\Users\TOSHIBA\Desktop\New folder (2)\ASO 3.5 VALID Keygen (Lyon275).exe =>.Crack,Keygen C:\Users\TOSHIBA\Downloads\Auslogics BoostSpeed Premium 7.8.1.0 + Keygen.rar =>.Crack,Keygen FirewallRaz EmptyTemp EmptyFlash Proxyfix Sysrestore