Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
Unlock: HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
Unlock: C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-18]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe [X]
C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
C:\Windows\system32\drivers\efavdrv.sys
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
C:\Users\SONY\Downloads\Compressed\DS4Windows_2
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end