Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Acer (2016-07-04 19:53:36) Run:1
Running from C:\Users\Acer\Desktop
Loaded Profiles: Acer (Available Profiles: Acer)
Boot Mode: Normal
==============================================

fixlist content:
*****************
" start
CreateRestorePoint:
CloseProcesses:
Task: {03314125-0759-4BE7-ACF6-63AE1A8B9609} - System32\Tasks\KuaiZip_Update => C:\Program Files\¿ìѹ\X86\Update.exe [2016-07-03] (Shanghai Guangle Network Technology Ltd) <==== ATTENTION
Task: {331748DF-94F2-49B8-A646-49312A02FDA0} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-28] (Distromatic) <==== ATTENTION
Task: {3AD800D6-E087-43E2-9752-FA6D1A7884B5} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
Task: {64FEF800-98F3-4E04-A32F-36E1EAC64E54} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-28] (Distromatic) <==== ATTENTION
Task: {6F4CE143-3FCB-4D15-81B1-E6322730B2C4} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-28] (Distromatic) <==== ATTENTION
Task: {F445F47A-F87C-401F-A3BC-8FB18B6AB926} - System32\Tasks\Shanot Cloud => C:\Program Files (x86)\Qerlegherzerk\shnCldphv.exe
Task: {FF368EBE-B865-4304-872D-21594AA61B1B} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-28] (Distromatic) <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
FirewallRules: [{590A4FD0-0674-4B84-9DB4-5338C01A653D}] => (Allow) C:\Program Files (x86)\Wifisrv\helptool.exe
FirewallRules: [{5EB266A3-934D-4190-8FE1-CFB78F5A5861}] => (Allow) C:\Program Files (x86)\Wifisrv\YunExplorer.exe
FirewallRules: [{FAA0FFC3-33C3-4EA1-ACF8-7A567DBD9612}] => (Allow) C:\Program Files (x86)\Wifisrv\WifiService.exe
FirewallRules: [{FF0456CB-427E-46AE-AECE-03E4CD82464D}] => (Allow) C:\Program Files (x86)\Wifisrv\160WiFi.exe
FirewallRules: [{11BEB365-127F-4D5A-8C34-65BBEE620D37}] => (Allow) C:\Program Files (x86)\Wifisrv\\WifiService.exe
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> hxxp://yeabests.cc (No File)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> hxxp://yeabests.cc (No File)
IE trusted site: HKU\S-1-5-21-4106620623-631192622-675998710-1001\...\amazon.com -> hxxps://amazon.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2016-07-03] ()
SearchScopes: HKU\S-1-5-21-4106620623-631192622-675998710-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_32b01a3e_1201_1403_20160428_BE_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219072 2016-07-03] ()
R2 usbmonitorhost; C:\Program Files (x86)\USBBoxLite\pnphost.dll [127792 2016-05-17] ()
R2 WifiSrv; C:\Program Files (x86)\Wifisrv\WifiService.exe [219392 2015-12-16] ()
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
R1 USBMonitorProtect; C:\Program Files (x86)\USBBoxLite\USBMonitorProtect64.sys [1012048 2016-05-17] (DriveTheLife Corporation)
R1 160WifiNetPro; C:\Program Files (x86)\Wifisrv\160WifiNetPro64.sys [129784 2015-12-16] ()
R0 wifinetmini; C:\Windows\System32\wifinetmini64.sys [16624 2015-12-02] ()
C:\Program Files (x86)\Amazon Browser Settings
C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\Wifisrv
C:\Program Files (x86)\USBBoxLite
C:\Program Files (x86)\Amazon
C:\WINDOWS\LastGood.Tmp
C:\Users\Acer\AppData\Roaming\RandomDelJiheReg.exe
C:\Users\Acer\AppData\Roaming\Maxthon3
C:\WINDOWS\Tasks\UCBrowserUpdater.job
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
C:\WINDOWS\System32\Tasks\KuaiZip_Update
C:\WINDOWS\System32\Tasks\UCBrowserUpdater
C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
C:\Users\Acer\AppData\Roaming\xdo.zip
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\Users\Acer\AppData\Roaming\Kuaizip
C:\Users\Acer\AppData\Roaming\Softlink
C:\ProgramData\160WiFi
C:\Program Files\¿ìѹ
C:\Users\Acer\AppData\Local\app
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB大师
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\160WiFi
C:\Program Files (x86)\USBBoxLite
C:\WINDOWS\system32\Drivers\ucguard.sys
C:\Users\Acer\AppData\Roaming\ziptool_wc-9015_setup.exe
C:\WINDOWS\system32\wifinetinit64.dll
C:\WINDOWS\system32\wifinetmini64.sys
C:\Program Files (x86)\mpck
C:\Program Files (x86)\Wifisrv
C:\Users\Acer\AppData\Roaming\agent.dat
C:\Users\Acer\AppData\Roaming\Main.dat
C:\Users\Acer\AppData\Roaming\U-zumlab.exe
C:\Users\Acer\AppData\Roaming\Gravetam.exe
C:\Users\Acer\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe
C:\Users\Acer\AppData\Roaming\160wifi_wcid-6089.exe
C:\Users\Acer\AppData\Roaming\gplyra
C:\Users\Acer\AppData\Local\Apps\2.0
C:\Users\Acer\AppData\Roaming\Installer.dat
C:\WINDOWS\system32\Drivers\etc\hp.bak
C:\Program Files (x86)\Qerlegherzerk
Hosts:
EmptyTemp:
end
*****************

" => Error: No automatic fix found for this entry.
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03314125-0759-4BE7-ACF6-63AE1A8B9609}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03314125-0759-4BE7-ACF6-63AE1A8B9609}" => key removed successfully
C:\WINDOWS\System32\Tasks\KuaiZip_Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KuaiZip_Update" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331748DF-94F2-49B8-A646-49312A02FDA0} => key not found.
C:\WINDOWS\System32\Tasks\DistromaticUpdater-periodic => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AD800D6-E087-43E2-9752-FA6D1A7884B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AD800D6-E087-43E2-9752-FA6D1A7884B5}" => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FEF800-98F3-4E04-A32F-36E1EAC64E54} => key not found.
C:\WINDOWS\System32\Tasks\DistromaticUpdater-logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F4CE143-3FCB-4D15-81B1-E6322730B2C4} => key not found.
C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F445F47A-F87C-401F-A3BC-8FB18B6AB926}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F445F47A-F87C-401F-A3BC-8FB18B6AB926}" => key removed successfully
C:\WINDOWS\System32\Tasks\Shanot Cloud => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shanot Cloud" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF368EBE-B865-4304-872D-21594AA61B1B} => key not found.
C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly => key not found.
C:\WINDOWS\Tasks\UCBrowserUpdater.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{590A4FD0-0674-4B84-9DB4-5338C01A653D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EB266A3-934D-4190-8FE1-CFB78F5A5861} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FAA0FFC3-33C3-4EA1-ACF8-7A567DBD9612} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF0456CB-427E-46AE-AECE-03E4CD82464D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11BEB365-127F-4D5A-8C34-65BBEE620D37} => value not found.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> hxxp://yeabests.cc (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> hxxp://yeabests.cc (No File) => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-4106620623-631192622-675998710-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com" => key removed successfully
127.0.0.1 down.baidu2016.com => Error: No automatic fix found for this entry.
127.0.0.1 123.sogou.com => Error: No automatic fix found for this entry.
127.0.0.1 www.czzsyzgm.com => Error: No automatic fix found for this entry.
127.0.0.1 www.czzsyzxl.com => Error: No automatic fix found for this entry.
127.0.0.1 union.baidu2019.com => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj" => key removed successfully
"HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}" => key removed successfully
HKU\S-1-5-21-4106620623-631192622-675998710-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found.
HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found.
Amazon 1Button App Service => service not found.
KuaizipUpdateChecker => service removed successfully
usbmonitorhost => service removed successfully
WifiSrv => service could not remove
UCGuard => Unable to stop service.
UCGuard => service removed successfully
USBMonitorProtect => Unable to stop service.
USBMonitorProtect => service removed successfully
160WifiNetPro => Unable to stop service.
160WifiNetPro => service could not remove
wifinetmini => Unable to stop service.
wifinetmini => service removed successfully
"C:\Program Files (x86)\Amazon Browser Settings" => not found.
"C:\Program Files (x86)\UCBrowser" => not found.
C:\Program Files (x86)\Wifisrv => moved successfully
C:\Program Files (x86)\USBBoxLite => moved successfully
"C:\Program Files (x86)\Amazon" => not found.
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\Users\Acer\AppData\Roaming\RandomDelJiheReg.exe => moved successfully
C:\Users\Acer\AppData\Roaming\Maxthon3 => moved successfully
"C:\WINDOWS\Tasks\UCBrowserUpdater.job" => not found.
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk => moved successfully
"C:\WINDOWS\System32\Tasks\KuaiZip_Update" => not found.
"C:\WINDOWS\System32\Tasks\UCBrowserUpdater" => not found.
C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys => moved successfully
C:\Users\Acer\AppData\Roaming\xdo.zip => moved successfully
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 => moved successfully
C:\Users\Acer\AppData\Roaming\Kuaizip => moved successfully
C:\Users\Acer\AppData\Roaming\Softlink => moved successfully
C:\ProgramData\160WiFi => moved successfully
C:\Program Files\¿ìѹ => moved successfully
C:\Users\Acer\AppData\Local\app => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB大师 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\160WiFi => moved successfully
"C:\Program Files (x86)\USBBoxLite" => not found.
C:\WINDOWS\system32\Drivers\ucguard.sys => moved successfully
C:\Users\Acer\AppData\Roaming\ziptool_wc-9015_setup.exe => moved successfully
C:\WINDOWS\system32\wifinetinit64.dll => moved successfully
C:\WINDOWS\system32\wifinetmini64.sys => moved successfully
C:\Program Files (x86)\mpck => moved successfully
"C:\Program Files (x86)\Wifisrv" => not found.
C:\Users\Acer\AppData\Roaming\agent.dat => moved successfully
C:\Users\Acer\AppData\Roaming\Main.dat => moved successfully
C:\Users\Acer\AppData\Roaming\U-zumlab.exe => moved successfully
C:\Users\Acer\AppData\Roaming\Gravetam.exe => moved successfully
C:\Users\Acer\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe => moved successfully
C:\Users\Acer\AppData\Roaming\160wifi_wcid-6089.exe => moved successfully
C:\Users\Acer\AppData\Roaming\gplyra => moved successfully
C:\Users\Acer\AppData\Local\Apps\2.0 => moved successfully
C:\Users\Acer\AppData\Roaming\Installer.dat => moved successfully
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
C:\Program Files (x86)\Qerlegherzerk => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12895887 B
Java, Flash, Steam htmlcache => 616 B
Windows/system/drivers => 12599626 B
Edge => 1079 B
Chrome => 0 B
Firefox => 22329139 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2962 B
Acer => 6489347 B

RecycleBin => 7278 B
EmptyTemp: => 51.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:54:38 ====