RegSvr32 error on startup - .dll files failed to load [Solved]


  • This topic is locked

#1
Lance Cabrera Fajardo

  • Member
  • 29 posts

Good Day Sir!

I'm having the same error/s as the ones in this previous topic

http://www.geekstogo.com/forum/topic/346465-regsvr32-error-on-startup-module-failed-to-load/#entry2472007

(which was previously Solved by GeekU Moderator/Teacher)

regarding some .dll files that failed to load on system start up.

So I was hoping you could help me too.

I have followed GeekU Moderator/Teacher's response, up to the Member sending some .txt files, and from there I stopped because I have my own .txt files to send.

I've really been having these pop-ups on start up for a week now. I have tried almost everything, except help from your side.

I look forward to your generous response.

Thanks & Regards,

Lance

PS. Attached are Addition.txt, aswMBR.txt and FRST.txt



#2
dbreeze

  • Trusted Helper
  • Malware Removal
  • 2,216 posts


Hi Mr. Fajardo,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.



- Save ALL Tools to your Desktop-



All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.



Let's get started....
 

Your logs show signs of Cracked and Pirated software installed on your system.  Most likely, this is where the malware came from.  If you want help here then you will have to first remove ALL the cracked / pirated software from your system and then run fresh scans / logs.

 

If you have any questions, please ask them.  Thanks.



#3
Lance Cabrera Fajardo

  • Topic Starter
  • Member
  • 29 posts

Good Day

Thank you for the quick response dbreeze, I really appreciate this one.

On to my problem: I apologize for the pirated software installed on my PC. I will try to remove all of this software as fast as I can, then I will give you immediate feedback.

After I do remove all of this 'pirated software', can I ask for the next steps?

Is there any other software I need to download or run after the first step that you've given me?

Again, thanks for the reply.

Lance.



#4
dbreeze

  • Trusted Helper
  • Malware Removal
  • 2,216 posts

Thanks for understanding about the software.

 

Basically, just re-scan with FRST after you remove the software.

 

If you still have an Addition.txt log file on your desktop, please delete it now.

Start FRST that is on your Desktop by right clicking and selecting "Run as Administrator".

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)

Select Additional.txt in the Optional Scans section of FRST64.  Also, select 90 Days Files in the Optional Scans section.

Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop.  Open the logs in notepad and copy the logs and paste back in a message as a reply.



#5
Lance Cabrera Fajardo

  • Topic Starter
  • Member
  • 29 posts

Hello,

Sorry for a lil delay in my reply,
been quite busy at work.

Anyway, last night I removed a couple of software programs which I thought were 'pirated' on my laptop.

I also did the FRST scan and here are my .txt logs.


FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016
Ran by SONY (administrator) on SONY-PC (08-06-2016 19:06:24)
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Enigma Software Group USA, LLC.) D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Fast Windows Hider\fwh.exe
(BitTorrent Inc.) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [242552 2013-09-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-01-31] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [461560 2014-07-28] (IVT Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-11-10] (Tonec Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [837632 2015-11-18] (RemoteMouse.net)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-01] (Google Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Fast Windows Hider] => C:\Program Files (x86)\Fast Windows Hider\fwh.exe [796160 2010-02-04] ()
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [uTorrent] => C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe [1990656 2016-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [UZNmedia] => regsvr32.exe C:\Users\SONY\AppData\Local\UZNmedia\wzdheftk.dll <===== ATTENTION
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sh4native Sh4Removal
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2781238C-72DD-4803-89C0-FA08EBDE932C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7E844D01-7B0E-43FD-BA46-4013B6EA446B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected]
FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected] [2016-02-07] [not signed]
FF HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5 [2016-06-08] [not signed]
FF HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2016-06-06]
CHR Extension: (AdBlock) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-05-01]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-08]
CHR Extension: (IDM Integration Module) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-04-19]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-05-06]
CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2014-07-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3246984 2014-07-28] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2014-07-23] (IVT Corporation)
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [273656 2014-07-23] (IVT Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 cPhoneSDKCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [281456 2014-06-16] (IVT Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2875008 2016-05-28] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-05-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
R3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29944 2014-06-24] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44152 2014-07-14] (IVT Corporation.)
R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-02] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-09-19] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25440 2013-11-18] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [120520 2013-06-20] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0045.sys [38432 2016-01-21] (SoftEther Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-31] (Synaptics Incorporated)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-09-19] (Anchorfree Inc.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-08 19:06 - 2016-06-08 19:06 - 00020461 _____ C:\Users\SONY\Desktop\FRST.txt
2016-06-08 19:06 - 2016-06-08 19:06 - 00000000 ____D C:\Users\SONY\Desktop\FRST-OlderVersion
2016-06-07 13:03 - 2016-06-07 13:03 - 450433116 _____ C:\Windows\MEMORY.DMP
2016-06-07 13:03 - 2016-06-07 13:03 - 00000000 ____D C:\Windows\Minidump
2016-06-07 08:58 - 2016-06-07 08:58 - 00002173 _____ C:\Users\SONY\Desktop\aswMBR.txt
2016-06-07 08:58 - 2016-06-07 08:58 - 00000512 _____ C:\Users\SONY\Desktop\MBR.dat
2016-06-07 08:44 - 2016-06-08 19:06 - 00000000 ____D C:\FRST
2016-06-07 08:44 - 2016-06-07 08:44 - 05200384 _____ (AVAST Software) C:\Users\SONY\Desktop\aswmbr.exe
2016-06-07 08:43 - 2016-06-08 19:06 - 02385408 _____ (Farbar) C:\Users\SONY\Desktop\FRST64.exe
2016-06-07 08:21 - 2016-06-07 23:15 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2016-06-07 08:21 - 2016-06-07 08:21 - 00000000 ____D C:\ProgramData\TEMP
2016-06-07 08:19 - 2016-06-07 08:19 - 00006928 _____ C:\Users\SONY\Downloads\[kat.cr]dll.files.fixer.3.3.90.3079.multilingual.key.4realtorrentz.torrent
2016-06-06 10:08 - 2016-06-06 10:08 - 00019844 _____ C:\Users\SONY\Downloads\[kat.cr]zootopia.2016.720p.bluray.950mb.shaanig.torrent
2016-06-06 10:06 - 2016-06-06 10:06 - 00017689 _____ C:\Users\SONY\Downloads\[kat.cr]just.the.3.of.us.2016.hdrip.buhaypirata.torrent
2016-06-06 08:48 - 2016-06-06 08:48 - 00004607 _____ C:\Users\SONY\Downloads\C94820438FFE28D9F796B0C56F717DB3C53EB164.torrent
2016-06-06 07:52 - 2016-06-06 07:52 - 00000000 ____D C:\Users\SONY\Documents\Wondershare
2016-06-05 17:14 - 2016-06-05 17:14 - 00003284 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-06-05 17:14 - 2016-06-05 16:41 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
2016-06-05 17:13 - 2016-06-05 17:15 - 00000000 ___HD C:\u9aRURXZcvFKJij5
2016-06-05 17:13 - 2016-06-05 17:13 - 00036669 _____ C:\spyhunter.fix
2016-06-05 16:40 - 2016-06-05 16:40 - 00013514 _____ C:\Users\SONY\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood (1).torrent
2016-06-05 16:36 - 2016-06-05 16:36 - 00013514 _____ C:\Users\SONY\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood.torrent
2016-06-05 12:59 - 2016-06-06 09:15 - 00017671 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 21.xlsx
2016-06-05 12:59 - 2016-06-06 09:04 - 00016464 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 22.xlsx
2016-06-05 09:30 - 2016-06-06 09:04 - 00014828 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 20.xlsx
2016-06-05 09:26 - 2016-06-05 09:26 - 00028024 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal 10, 12 & 13 (AM & PM) May'16.xlsx
2016-06-03 12:04 - 2016-06-03 12:04 - 00068143 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.smackdown.2016.06.02.hdtv.x264.ebi.tjet.torrent
2016-06-03 11:09 - 2016-06-03 11:09 - 00000000 ____D C:\Users\SONY\AppData\Local\Macroplant_LLC
2016-06-03 11:07 - 2016-06-03 11:07 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-06-03 11:07 - 2016-06-03 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-03 11:07 - 2016-06-03 11:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-06-03 11:06 - 2016-06-03 11:06 - 00000000 ____D C:\Users\SONY\AppData\LocalLow\Apple Computer
2016-06-03 11:01 - 2016-06-03 11:01 - 00015218 _____ C:\Users\SONY\Downloads\[kat.cr]iexplorer.v3.9.4.0.setup.crack.core.x.torrent
2016-06-03 11:01 - 2016-06-03 11:01 - 00012284 _____ C:\Users\SONY\Downloads\[kat.cr]iexplorer.3.2.2.6.with.serial.torrent
2016-06-03 10:32 - 2016-06-03 10:32 - 00001440 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-03 10:32 - 2016-06-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-03 10:31 - 2016-06-03 10:31 - 00000000 ____D C:\Program Files\iPod
2016-06-03 10:28 - 2016-06-03 10:28 - 00015746 _____ C:\Users\SONY\Downloads\5c8bce4edc71150bd8b90161b4e2c4951b3e9132-Fullmetal-Alchemist-[1-51-Complete-Dubbed] (1).torrent
2016-06-03 09:21 - 2016-06-08 19:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 09:20 - 2016-06-03 09:20 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-03 09:20 - 2016-06-03 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-03 09:20 - 2016-06-03 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-03 09:20 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 09:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 09:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-03 00:08 - 2016-06-03 00:08 - 00000020 ___SH C:\Users\SONY\ntuser.ini
2016-06-02 21:18 - 2016-06-02 21:18 - 00000000 _____ C:\autoexec.bat
2016-06-02 21:16 - 2016-06-02 21:16 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-02 21:13 - 2016-06-07 23:17 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2016-06-02 21:13 - 2016-06-07 23:17 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-06-02 21:13 - 2016-06-07 23:17 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2016-06-02 20:46 - 2016-06-02 20:46 - 00000000 ____D C:\Users\SONY\AppData\Roaming\www.shadowexplorer.com
2016-06-02 20:28 - 2016-06-02 20:28 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-02 20:25 - 2016-06-02 20:25 - 49152216 _____ (Microsoft Corporation) C:\Users\SONY\Desktop\Windows-KB890830-x64-V5.36.exe
2016-06-02 20:24 - 2016-06-02 20:24 - 00000000 ____D C:\ProgramData\ESET
2016-06-02 20:17 - 2016-06-02 20:17 - 00012380 _____ C:\Users\Default\# DECRYPT MY FILES #.html
2016-06-02 20:17 - 2016-06-02 20:17 - 00010509 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-06-02 20:17 - 2016-06-02 20:17 - 00000216 _____ C:\Users\Default\# DECRYPT MY FILES #.vbs
2016-06-02 20:17 - 2016-06-02 20:17 - 00000085 _____ C:\Users\Default\# DECRYPT MY FILES #.url
2016-06-02 19:54 - 2016-06-02 19:54 - 00003636 _____ C:\Windows\System32\Tasks\newdev
2016-06-01 23:12 - 2016-06-01 23:12 - 00020250 _____ C:\Users\SONY\Downloads\[kat.cr]love.is.blind.2016.hdrip.720p.x264.rsg.torrent
2016-06-01 23:11 - 2016-06-01 23:11 - 00023319 _____ C:\Users\SONY\Downloads\[kat.cr]beauty.and.the.bestie.2015.hdrip.x264.rsg.torrent
2016-06-01 23:11 - 2016-06-01 23:11 - 00022995 _____ C:\Users\SONY\Downloads\[kat.cr]all.you.need.is.pag.ibig.2015.hdrip.720p.x264.rsg.torrent
2016-06-01 23:10 - 2016-06-01 23:10 - 00027002 _____ C:\Users\SONY\Downloads\[kat.cr]the.prenup.2015.hdrip.720p.x264.rsg.torrent
2016-06-01 07:28 - 2016-06-01 07:28 - 00132007 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.2016.05.30.hdtv.x264.overtime.rartv.torrent
2016-05-30 20:41 - 2016-05-30 20:41 - 00173825 _____ C:\Users\SONY\Downloads\[kat.cr]ufc.fight.night.88.web.dl.h264.fight.bb.torrent
2016-05-30 20:40 - 2016-05-30 20:40 - 00004130 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e06.hdtv.x264.killers.ettv.torrent
2016-05-27 09:36 - 2016-05-27 09:36 - 00000000 _____ C:\Windows\maraes
2016-05-25 13:04 - 2016-05-25 13:04 - 00003469 _____ C:\Users\SONY\Downloads\63C89D7F5A4EE4574194376746CCFE0ADA0976F1.torrent
2016-05-24 16:22 - 2016-05-24 16:22 - 00020944 _____ C:\Users\SONY\Downloads\[kat.cr]gfrevenge.ava.taylor.screen.shot.torrent
2016-05-24 16:21 - 2016-05-24 16:21 - 00057871 _____ C:\Users\SONY\Downloads\[kat.cr]ava.taylor.2015.hd.720p.torrent
2016-05-24 16:17 - 2016-05-24 16:17 - 00044719 _____ C:\Users\SONY\Downloads\[kat.cr]teenslovemoney.ava.taylor.windy.city.snatch.07.08.2014.torrent
2016-05-24 16:17 - 2016-05-24 16:17 - 00017175 _____ C:\Users\SONY\Downloads\[kat.cr]tiny4k.ava.taylor.tiny.latina.07.01.2014.torrent
2016-05-24 16:16 - 2016-05-24 16:16 - 00016195 _____ C:\Users\SONY\Downloads\[kat.cr]povd.ava.taylor.in.loft.[bleep]ing.torrent
2016-05-24 16:15 - 2016-05-24 16:15 - 00114217 _____ C:\Users\SONY\Downloads\[kat.cr]exploited18.14.03.12.ava.taylor.xxx.1080p.mp4.ktr.torrent
2016-05-24 16:13 - 2016-05-24 16:13 - 00009632 _____ C:\Users\SONY\Downloads\[kat.cr]cfnmteens.ava.taylor.vacation.time.office.quickie.torrent
2016-05-24 16:10 - 2016-05-24 16:10 - 00011604 _____ C:\Users\SONY\Downloads\[kat.cr]therealworkout.ava.taylor.sorry.about.your.balls.torrent
2016-05-24 09:54 - 2016-05-24 09:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-24 09:42 - 2016-05-24 09:42 - 00000000 ____D C:\Users\SONY\Tracing
2016-05-24 09:41 - 2016-05-24 09:41 - 00000000 ____D C:\Users\SONY\AppData\Local\bluesoleil voip
2016-05-24 09:40 - 2016-05-24 09:40 - 00015961 _____ C:\Users\SONY\Downloads\[kat.cr]adobe.acrobat.xi.pro.11.0.16.multilingual.crack.torrent
2016-05-24 09:38 - 2016-05-24 09:38 - 00118613 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.23.2016.hdtv.x264.fmn.tjet.torrent
2016-05-24 09:36 - 2016-05-24 09:36 - 00169083 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.23.2016.720p.hdtv.x264.fmn.tjet.torrent
2016-05-23 15:39 - 2016-05-23 15:39 - 00004723 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e05.hdtv.x264.killers.ettv.torrent
2016-05-23 11:56 - 2016-05-23 11:56 - 00180829 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.extreme.rules.2016.ppv.web.h264.heel.tjet.torrent
2016-05-20 21:09 - 2016-05-20 21:09 - 00016865 _____ C:\Users\SONY\Downloads\60de7fc58c58e6f59ca33bdcace82c35be959a9b-Trigun-Complete-[Dual].torrent
2016-05-20 01:13 - 2016-05-20 01:13 - 00015746 _____ C:\Users\SONY\Downloads\5c8bce4edc71150bd8b90161b4e2c4951b3e9132-Fullmetal-Alchemist-[1-51-Complete-Dubbed].torrent
2016-05-18 10:16 - 2016-05-18 10:16 - 00003628 _____ C:\Users\SONY\Downloads\[kat.cr]the.flash.2014.s02e22.hdtv.x264.lol.ettv.torrent
2016-05-17 12:35 - 2016-05-17 12:35 - 00021462 _____ C:\Users\SONY\Downloads\[kat.cr]captain.america.civil.war.2016.1080p.hd.tc.ac3.x264.etrg.torrent
2016-05-17 10:08 - 2016-05-17 10:08 - 00119513 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.16.2016.hdtv.x264.fmn.tjet.torrent
2016-05-16 18:07 - 2016-06-03 10:24 - 00000000 ____D C:\Users\SONY\Downloads\Daimos
2016-05-16 13:45 - 2016-05-16 13:45 - 00003403 _____ C:\Users\SONY\Downloads\[kat.cr]the.flash.2014.s02e21.hdtv.x264.lol.ettv.torrent
2016-05-16 13:45 - 2016-05-16 13:45 - 00003217 _____ C:\Users\SONY\Downloads\[kat.cr]the.flash.2014.s02e20.hdtv.x264.lol.ettv.torrent
2016-05-16 10:01 - 2016-05-16 10:01 - 00002633 _____ C:\Users\SONY\Desktop\µTorrent.lnk
2016-05-16 10:01 - 2016-05-16 10:01 - 00002633 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-05-16 10:00 - 2016-06-08 19:07 - 00000000 ____D C:\Users\SONY\AppData\Roaming\uTorrent
2016-05-16 09:53 - 2016-05-16 09:53 - 00005436 _____ C:\Users\SONY\Downloads\[kat.cr]utorrent.pro3.4.6.build.41079.beta.crack.4realtorrentz.torrent
2016-05-16 09:52 - 2016-05-16 09:52 - 00027600 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e04.hdtv.x264.fleet.rartv.torrent
2016-05-15 15:34 - 2016-06-03 10:24 - 00000000 ____D C:\Users\SONY\AppData\Roaming\HYXDevPsnList
2016-05-15 15:34 - 2016-05-15 15:34 - 00000000 ____D C:\Users\SONY\AppData\Roaming\HMYGSetting
2016-05-15 15:34 - 2016-05-15 15:34 - 00000000 ____D C:\Users\SONY\AppData\Local\Wondershare
2016-05-15 15:34 - 2016-05-15 15:34 - 00000000 ____D C:\ProgramData\Wondershare
2016-05-14 11:05 - 2016-06-03 10:24 - 00000000 ____D C:\Users\SONY\Documents\Kalihiman
2016-05-14 10:38 - 2016-05-14 10:39 - 00000008 ___SH C:\Users\SONY\ntuser.pol
2016-05-14 10:22 - 2010-10-13 16:10 - 00342056 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2016-05-14 10:22 - 2010-10-13 16:10 - 00135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2016-05-14 10:22 - 2010-10-13 16:10 - 00102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2016-05-14 10:22 - 2010-10-13 16:10 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2016-05-14 10:22 - 2010-10-13 16:07 - 00039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2016-05-14 10:20 - 2016-05-14 10:20 - 00000000 ____D C:\Program Files\WIDCOMM
2016-05-14 10:17 - 2016-05-14 10:17 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Intel
2016-05-14 10:16 - 2016-05-14 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-05-14 10:16 - 2016-05-14 10:16 - 00000000 ____D C:\ProgramData\Intel
2016-05-14 10:16 - 2016-05-14 10:16 - 00000000 ____D C:\Program Files\Intel
2016-05-14 10:16 - 2016-05-14 10:16 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-14 10:16 - 2016-05-14 10:16 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-05-14 10:15 - 2016-05-14 23:23 - 00000021 _____ C:\Windows\Model.txt
2016-05-14 10:13 - 2016-05-14 10:13 - 00000000 ____D C:\Program Files\DIFX
2016-05-14 10:03 - 2016-06-05 09:24 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-05-14 10:02 - 2016-06-05 09:41 - 00000000 ____D C:\Windows\AutoKMS
2016-05-14 10:02 - 2016-05-14 10:02 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-05-14 09:56 - 2016-05-14 09:56 - 00081166 _____ C:\Users\SONY\Downloads\[kat.cr]windows.7.professional.x64.with.key.torrent
2016-05-14 09:43 - 2016-05-14 09:43 - 00001617 _____ C:\Users\SONY\Downloads\Reset_Notification_Area_Icons_Cache (1).bat
2016-05-14 09:29 - 2016-05-14 09:28 - 00001617 _____ C:\Users\SONY\Desktop\Reset_Notification_Area_Icons_Cache.bat
2016-05-14 09:28 - 2016-05-14 09:28 - 00001617 _____ C:\Users\SONY\Downloads\Reset_Notification_Area_Icons_Cache.bat
2016-05-14 09:17 - 2016-05-14 09:17 - 00001046 _____ C:\Users\SONY\Desktop\Fast Windows Hider.lnk
2016-05-14 09:17 - 2016-05-14 09:17 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast Windows Hider
2016-05-14 09:17 - 2016-05-14 09:17 - 00000000 ____D C:\Program Files (x86)\Fast Windows Hider
2016-05-13 20:45 - 2016-05-13 20:45 - 00015246 _____ C:\Users\SONY\Downloads\[kat.cr]how.to.be.single.2016.hdrip.xvid.etrg.torrent
2016-05-13 08:37 - 2016-05-13 08:37 - 00019905 _____ C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b (1).torrent
2016-05-13 08:36 - 2016-05-13 08:36 - 00019905 _____ C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b.torrent
2016-05-13 00:00 - 2016-05-13 00:00 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-08 19:04 - 2014-07-28 17:39 - 00001628 _____ C:\Windows\SysWOW64\bscs.ini
2016-06-08 19:02 - 2009-07-14 08:45 - 00031152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-08 19:02 - 2009-07-14 08:45 - 00031152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-08 19:01 - 2016-02-07 23:04 - 00006493 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2016-06-08 19:01 - 2016-02-07 23:04 - 00000099 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2016-06-08 19:00 - 2015-11-10 22:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 19:00 - 2015-11-10 22:40 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-06-08 19:00 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-08 19:00 - 2009-07-14 08:45 - 00414656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-08 18:58 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\AppData\Roaming\DMCache
2016-06-08 18:41 - 2015-11-10 22:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 18:00 - 2015-11-10 22:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-08 08:02 - 2015-11-11 00:35 - 00108840 _____ C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 23:22 - 2016-02-02 23:30 - 00000000 ____D C:\ProgramData\Adobe
2016-06-07 23:16 - 2016-01-21 23:27 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-06-07 23:16 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\inf
2016-06-06 23:09 - 2015-11-10 22:40 - 00000000 ____D C:\Users\SONY\AppData\Roaming\vlc
2016-06-06 13:32 - 2009-07-14 09:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-06 12:49 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\Downloads\Video
2016-06-05 13:44 - 2016-02-06 20:37 - 00000573 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2016-06-05 13:38 - 2016-02-07 23:01 - 00000000 ____D C:\Users\SONY\AppData\Local\bluesoleil
2016-06-03 11:03 - 2015-11-21 17:44 - 00000000 ____D C:\Users\SONY\AppData\Roaming\WinRAR
2016-06-03 10:31 - 2016-04-15 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-03 10:31 - 2015-11-13 11:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 10:24 - 2016-02-24 19:58 - 00000000 ____D C:\Users\SONY\AppData\Roaming\InputMapper
2016-06-03 10:24 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\Downloads\Compressed
2016-06-03 10:24 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\AppData\Roaming\IDM
2016-06-03 10:24 - 2015-11-13 13:48 - 00000000 ____D C:\Users\SONY\Downloads\Internet Download Manager (IDM) 6.25 Build 3 Registered (32bit + 64bit Patch) [CrackingPatching]
2016-06-03 10:24 - 2015-11-10 22:40 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Skype
2016-06-03 10:24 - 2015-11-10 22:14 - 00000000 ____D C:\Users\SONY
2016-06-03 10:10 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\Web
2016-06-02 20:18 - 2010-11-21 07:24 - 00000000 __SHD C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}
2016-06-02 07:46 - 2015-11-10 22:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-02 07:46 - 2015-11-10 22:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-29 08:23 - 2015-11-10 22:40 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 13:26 - 2016-01-21 23:54 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-05-28 13:26 - 2016-01-21 23:54 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-05-28 13:25 - 2016-01-21 23:55 - 00001048 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2016-05-24 09:58 - 2016-02-02 23:32 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-24 09:53 - 2016-02-02 23:27 - 00000000 ____D C:\Users\SONY\Desktop\Adobe Acrobat XI
2016-05-18 13:25 - 2016-02-06 20:37 - 00003881 _____ C:\Windows\SysWOW64\SHORTCUT.INI
2016-05-17 10:09 - 2016-03-07 21:58 - 00000000 ___SD C:\Users\SONY\AppData\LocalLow\Temp
2016-05-15 12:07 - 2015-11-10 22:40 - 00000000 __SHD C:\[Smad-Cage]
2016-05-14 10:37 - 2009-07-14 07:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-13 00:00 - 2015-11-10 22:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 00:00 - 2015-11-10 22:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 00:00 - 2015-11-10 22:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-11 19:20 - 2015-11-10 22:15 - 00000000 ____D C:\Users\SONY\AppData\Local\VirtualStore
2016-05-11 05:36 - 2015-11-10 22:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 05:36 - 2015-11-10 22:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2007-08-17 03:00 - 2007-08-17 03:00 - 0001669 _____ () C:\Users\SONY\AppData\Roaming\CranageInadvertency.LLw
1994-03-11 04:00 - 1994-03-11 04:00 - 0053252 _____ () C:\Users\SONY\AppData\Roaming\Introvert.J
1986-03-18 04:00 - 1986-03-18 04:00 - 0002274 _____ () C:\Users\SONY\AppData\Roaming\PrivetOdor.SXy
1992-04-05 03:00 - 1992-04-05 03:00 - 0049764 _____ () C:\Users\SONY\AppData\Roaming\RedeAria.FHs
2013-05-27 03:00 - 2013-05-27 03:00 - 0049883 _____ () C:\Users\SONY\AppData\Roaming\Submersible.rFx
2012-06-16 03:00 - 2012-06-16 03:00 - 0002267 _____ () C:\Users\SONY\AppData\Roaming\Temporary.5
2015-11-15 18:18 - 2015-11-15 18:18 - 0000017 _____ () C:\Users\SONY\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\Default\# DECRYPT MY FILES #.vbs
 
 
Some files in TEMP:
====================
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 11:22
 
==================== End of FRST.txt ============================

For the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2016
Ran by SONY (2016-06-08 19:07:15)
Running from C:\Users\SONY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-11-10 18:14:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2633912966-161357401-2138039649-500 - Administrator - Disabled)
Guest (S-1-5-21-2633912966-161357401-2138039649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633912966-161357401-2138039649-1002 - Limited - Enabled)
SONY (S-1-5-21-2633912966-161357401-2138039649-1000 - Administrator - Enabled) => C:\Users\SONY
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\uTorrent) (Version: 3.4.8.42358 - BitTorrent Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Betternet (HKLM-x32\...\Betternet) (Version:  - )
BlueSoleil 10.0.479.1 (HKLM\...\{9453A661-550D-4FB9-BC91-3C1EEDF2ABDB}) (Version: 10.0.479.1 - IVT Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fast Windows Hider 3.9 (HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Fast Windows Hider) (Version: 3.9 - Hidetools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotspot Shield 5.20.22 Embedded (x32 Version: 5.20.22.9384 - Buildbot) Hidden
IDM Patch 6.25 build 03 (HKLM-x32\...\IDM Patch 6.25 build 03) (Version: build 03 - SandySeedings Team)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Remote Mouse version 2.702 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.702 - Remote Mouse)
SMADAV version 10.3.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 10.3.1 - SmadSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (12/29/2009 8.0.0.279) (HKLM\...\BADC2853BAE2C2BA5C60113ADD1F3A253131BAAD) (Version: 12/29/2009 8.0.0.279 - Atheros Communications Inc.)
Windows Driver Package - Marvell (yukonw7) Net  (04/16/2010 11.25.2.3) (HKLM\...\75E14D32AED1E199C9067D18261BF018CF8790C6) (Version: 04/16/2010 11.25.2.3 - Marvell)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {313A7B69-2B86-4E5A-8059-7A9358D199A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {344C2CC2-D7F1-42E7-838F-7BA2A6207E5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4A6B2C31-DA73-4BEA-8DE1-0C68E395B6D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {7C01B44C-A1C9-4902-A904-90E05D79241F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {8CBF722D-75D4-4372-AF6C-8ADA8506E657} - System32\Tasks\SpyHunter4Startup => D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe [2016-06-05] (Enigma Software Group USA, LLC.)
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
Task: {F1649DBA-F2EC-4707-81E9-A7E468FDA95D} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-23 16:02 - 2014-07-23 16:02 - 00268536 _____ () C:\Windows\system32\IVTCredentialProvider.DLL
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\system32\BsTrace.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\System32\BsTrace.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00353792 _____ () C:\Windows\system32\cPhoneSDK.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00086528 _____ () C:\Windows\system32\cPhoneSDKTL.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00194048 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\InstallApkWithcPhone.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00075512 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00019704 _____ () C:\Windows\system32\BsMobileCSps.dll
2015-11-10 22:30 - 2015-01-30 17:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-02-04 12:26 - 2010-02-04 12:26 - 00796160 _____ () C:\Program Files (x86)\Fast Windows Hider\fwh.exe
2014-07-25 10:11 - 2014-07-25 10:11 - 00367352 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2014-07-04 09:31 - 2014-07-04 09:31 - 00035672 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Driver\USB\btcusb.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00031480 _____ () C:\Windows\SysWow64\BsHelpCSps.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00813816 _____ () C:\Windows\SysWow64\BlueSoleilCSps.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00236280 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BaseLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00056056 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\ExtraLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00048376 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\cscvt.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00016632 _____ () C:\Windows\SysWOW64\BsMobileCSps.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00039672 _____ () C:\Windows\SysWOW64\cPhoneSDKCSps.dll
2016-05-28 04:08 - 2016-05-28 04:08 - 00166528 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00162552 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00126200 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\s40pack.dll
2016-05-15 15:34 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-05-15 15:34 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-06-02 07:46 - 2016-06-01 10:50 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libglesv2.dll
2016-06-02 07:46 - 2016-06-01 10:50 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 06:34 - 2016-06-07 08:22 - 00000283 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1                   systweak.com
127.0.0.1                   updateservice1.systweak.com
127.0.0.1                   www.systweak.com
127.0.0.1                   systemspeedup.systweak.com
127.0.0.1                   systweak.com/STCheckGenuineness
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{619DF3A2-EA35-4571-81A0-2AEBA500562F}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A050DB11-C8F2-42E4-A024-253474A426C3}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F0B0552-AD79-4C9F-B54E-D434B9A46810}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07C158E1-62E5-4C25-8E87-D000135A880B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9204912D-F6DE-4E1A-A787-4A113F4BC842}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{74C7BCBE-CBCA-4096-96AD-9E17160CD78C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3288C64-3691-4B55-9AF0-B439C9548610}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{A18A3C48-DC92-4A75-B522-6760A7182279}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{5EEB583E-255E-49C3-9D80-DD98C6A75A5E}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{2482429A-F30A-49CA-A394-834D461B1235}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{05E02943-E1E5-4BD9-BEA3-E0890417FE26}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{5D1A0CBC-F00D-46E5-BD29-CEBAF22D9780}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{C35F0EEA-FDE1-407F-8FA0-E1C56F1FE121}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{C7206E1F-FF68-476E-A4AD-8CD20AA540AC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{CE92CA78-3926-4BA1-AB58-8CED6B38DAE2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{F0C0ADE4-3F60-4215-B537-FA226D85ECF2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{1C049B5F-5ED4-4339-90E7-1B56BB008284}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{BF76EA96-C3DE-4AA1-B1DE-2BA745FA9CA5}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{8CF2DFE8-6221-4EE3-BB49-7743D5ADD51E}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{549FF6BA-2C88-4D63-A42A-F6785E9AF9A1}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{2810A731-9980-40A8-B33F-234700808FD1}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{2F555E2B-A281-4DA7-A84D-DAA0C5312407}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{FE4966BA-6F6F-494A-9634-77F0663789D1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{6F6FA86C-A174-427D-884E-7863EDB4D1B9}C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{CA5D7E1E-008C-436A-9B8F-8C5020EEE2C1}C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{566FDAA8-E9A4-44AA-9E21-628F491F8257}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8689E4BF-0CFE-4F55-9C0F-C4AFA0090686}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9598C890-8B65-4762-AF79-B452A24C4962}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1FFDDED-D56E-4964-B70B-220CDEC63208}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9134A64F-480B-4C7A-A065-74426A29F0DC}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3EF3BC81-D276-4050-B020-929C0C77F882}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BDAAB4C-0540-40FD-94D6-246719053F32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{96B3F11B-5AA5-48E5-AA54-6247BFE1D997}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{379BB141-FDF8-4D2B-BA79-35F4E1EA6F03}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
FirewallRules: [{8EA9652F-9DAC-46CB-AB4F-AE7BC881A15D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{716DB2A2-2355-4156-AC8D-4F27E25BA2C4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AEBD48FC-A853-428D-9922-64A4719C19CD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A512545D-B014-4B72-907B-FDCC80BE0BFE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{653360F2-59AC-4763-BFCA-8C201AD929E5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2016 07:00:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/08/2016 08:01:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7715888
 
Error: (06/08/2016 08:01:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7715888
 
Error: (06/08/2016 08:01:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/08/2016 08:01:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7714827
 
Error: (06/08/2016 08:01:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7714827
 
Error: (06/08/2016 08:01:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/08/2016 08:01:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7713828
 
Error: (06/08/2016 08:01:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7713828
 
Error: (06/08/2016 08:01:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/08/2016 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/07/2016 01:05:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/07/2016 01:05:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/07/2016 01:03:35 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000020, 0xfffffa80092e41a0, 0xfffffa80092e41c0, 0x0000000004020006)C:\Windows\MEMORY.DMP
 
Error: (06/07/2016 01:03:35 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 
 
Error: (06/07/2016 01:03:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:02:41 PM on ‎6/‎7/‎2016 was unexpected.
 
Error: (06/07/2016 08:31:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/06/2016 11:09:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/06/2016 12:51:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/05/2016 04:37:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
CodeIntegrity:
===================================
  Date: 2016-05-14 09:39:52.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 09:05:06.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 08:57:17.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 22:50:53.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 22:05:58.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:54:26.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:45:44.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 16:05:22.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 15:04:49.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 09:48:51.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 62%
Total physical RAM: 4007.2 MB
Available physical RAM: 1495.03 MB
Total Virtual: 8012.61 MB
Available Virtual: 5084.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.87 GB) (Free:97.3 GB) NTFS
Drive d: () (Fixed) (Total:318.79 GB) (Free:298.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E861DA86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=318.8 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


Please give me feedback as soon as you can.

Thanks a lot!

Btw, I made a screencap of the two pop-up errors on my start up.
Unfortunately, I don't know how to include the image .jpeg file in this reply, so I just put it in an attachment.

Sorry if I included the attachment; I know I wasn't supposed to attach anything unless instructed to.
You may ignore the image file if you don't want to check it.

But I appreciate it if you do look at it.

Again, any response from your side is really appreciated.

Thanks.

Lance



#6
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Hotspot Shield 5.20.22 Embedded
QuickTime 7


To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Did you know that System Restore is disabled?  We need to have this enabled (if possible) as a safety net for the following fixes.

Go to Start and type System in the search box.

Click on System (under Control Panel or Settings) and then on System Protection.

Click on Configure and then select Turn on system protection.

Click Apply and then OK.

In the System Protection screen, is Protection now On for the drive?


LAST >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
Hotspot Shield 5.20.22 Embedded (x32 Version: 5.20.22.9384 - Buildbot) Hidden
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-01] (Google Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [UZNmedia] => regsvr32.exe C:\Users\SONY\AppData\Local\UZNmedia\wzdheftk.dll <===== ATTENTION
C:\Users\SONY\AppData\Local\UZNmedia
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Hosts:
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-08]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-05-06]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2875008 2016-05-28] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-05-28] ()
C:\Program Files (x86)\Hotspot Shield
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-09-19] (AnchorFree Inc.)
C:\Windows\System32\DRIVERS\hssdrv6.sys
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-09-19] (Anchorfree Inc.)
C:\Windows\System32\DRIVERS\taphss6.sys
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
C:\Windows\system32\drivers\efavdrv.sys
2016-06-07 08:21 - 2016-06-07 23:15 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2016-06-07 08:19 - 2016-06-07 08:19 - 00006928 _____ C:\Users\SONY\Downloads\[kat.cr]dll.files.fixer.3.3.90.3079.multilingual.key.4realtorrentz.torrent
2016-06-06 08:48 - 2016-06-06 08:48 - 00004607 _____ C:\Users\SONY\Downloads\C94820438FFE28D9F796B0C56F717DB3C53EB164.torrent
2016-06-05 17:13 - 2016-06-05 17:15 - 00000000 ___HD C:\u9aRURXZcvFKJij5
2016-06-03 11:01 - 2016-06-03 11:01 - 00015218 _____ C:\Users\SONY\Downloads\[kat.cr]iexplorer.v3.9.4.0.setup.crack.core.x.torrent
2016-06-03 11:01 - 2016-06-03 11:01 - 00012284 _____ C:\Users\SONY\Downloads\[kat.cr]iexplorer.3.2.2.6.with.serial.torrent
2016-05-24 09:40 - 2016-05-24 09:40 - 00015961 _____ C:\Users\SONY\Downloads\[kat.cr]adobe.acrobat.xi.pro.11.0.16.multilingual.crack.torrent
2016-05-14 10:03 - 2016-06-05 09:24 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-05-14 10:02 - 2016-06-05 09:41 - 00000000 ____D C:\Windows\AutoKMS
2016-05-14 09:56 - 2016-05-14 09:56 - 00081166 _____ C:\Users\SONY\Downloads\[kat.cr]windows.7.professional.x64.with.key.torrent
2016-05-13 08:37 - 2016-05-13 08:37 - 00019905 _____ C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b (1).torrent
2016-05-13 08:36 - 2016-05-13 08:36 - 00019905 _____ C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b.torrent
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right-clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

 


  • 0
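The two regsvr32 Run entries removed by the fixlist above share one pattern: a per-user autorun value that has regsvr32 load a DLL from the user's AppData folder. The following is an added example, not part of the thread or of FRST, that picks that pattern out of FRST-style Run lines; the sample lines are copied from the fixlist, while the function names and the list of user-writable locations are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Run-key lines copied from the fixlist in this thread (FRST log format),
# plus one non-Run directive to show that other lines are ignored.
SAMPLE_LINES = [
    r"HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)",
    r"HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-01] (Google Inc.)",
    r"HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [UZNmedia] => regsvr32.exe C:\Users\SONY\AppData\Local\UZNmedia\wzdheftk.dll <===== ATTENTION",
    r"HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll",
    "cmd: ipconfig /flushdns",
]

# "<hive>\...\Run: [value name] => command line"
RUN_LINE = re.compile(
    r"^(?P<hive>HK[^\\]+)\\.*?\\Run: \[(?P<name>[^\]]+)\] => (?P<command>.+)$"
)
# Trailing annotations seen in the log: "<===== ATTENTION" and "[size date] (vendor)".
ATTENTION = re.compile(r"\s+<=+\s*ATTENTION\s*$")
FILE_INFO = re.compile(r"\s+\[\d+ \d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")
# regsvr32 as the launcher, bare or with a full (optionally quoted) path.
REGSVR32 = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?regsvr32(?:\.exe)?"?\s+(?P<args>.+)$',
    re.IGNORECASE,
)
# regsvr32 switches such as /s, /u, /n, /i:cmdline.
SWITCH = re.compile(r"(?:^|\s)[/-][A-Za-z](?::\S*)?(?=\s|$)")
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\"
    r"|%(?:LocalAppData|AppData|Temp)%",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    hive: str
    value_name: str
    dll_path: str


def flag_regsvr32_autoruns(lines: List[str]) -> List[Finding]:
    """Return Run entries where regsvr32 loads a DLL from a user-writable path."""
    findings = []
    for line in lines:
        run = RUN_LINE.match(line.strip())
        if not run:
            continue  # not a Run-key line
        command = FILE_INFO.sub("", ATTENTION.sub("", run.group("command")))
        launcher = REGSVR32.match(command)
        if not launcher:
            continue  # autorun starts something other than regsvr32
        # Drop switches and quotes to leave the DLL path being registered.
        dll_path = SWITCH.sub(" ", launcher.group("args")).strip().strip('"')
        if USER_WRITABLE.search(dll_path):
            findings.append(Finding(run.group("hive"), run.group("name"), dll_path))
    return findings


if __name__ == "__main__":
    for finding in flag_regsvr32_autoruns(SAMPLE_LINES):
        print(f"{finding.hive} Run [{finding.value_name}] -> {finding.dll_path}")
```
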

#7
Lance Cabrera Fajardo


    Member

  • Topic Starter
  • Member
  • 29 posts

Hi dbreeze.

Thanks for the response.

I did every step that you instructed me to do, all of it.

But after running FRST64 it needed to be restarted, and so I did. But a strange thing happened: suddenly, I could not connect to the wifi.

So what I did is I tried the System Restore, which I had just turned on before doing the whole FRST64 thing, and after I did, here I am while my laptop is now once again connected to the wifi with no issues.

I don't know if the wifi issues were related to FRST64. Anyway, here's the Fixlog.txt that I saved a while ago.

Thanks
 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by SONY (2016-06-10 09:46:56) Run:1
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY (Available Profiles: SONY)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Hotspot Shield 5.20.22 Embedded (x32 Version: 5.20.22.9384 - Buildbot) Hidden
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-01] (Google Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [UZNmedia] => regsvr32.exe C:\Users\SONY\AppData\Local\UZNmedia\wzdheftk.dll <===== ATTENTION
C:\Users\SONY\AppData\Local\UZNmedia
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Hosts:
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-08]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-05-06]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2875008 2016-05-28] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-05-28] ()
C:\Program Files (x86)\Hotspot Shield
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-09-19] (AnchorFree Inc.)
C:\Windows\System32\DRIVERS\hssdrv6.sys
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-09-19] (Anchorfree Inc.)
C:\Windows\System32\DRIVERS\taphss6.sys
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
C:\Windows\system32\drivers\efavdrv.sys
2016-06-07 08:21 - 2016-06-07 23:15 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2016-06-07 08:19 - 2016-06-07 08:19 - 00006928 _____ C:\Users\SONY\Downloads\[kat.cr]dll.files.fixer.3.3.90.3079.multilingual.key.4realtorrentz.torrent
2016-06-06 08:48 - 2016-06-06 08:48 - 00004607 _____ C:\Users\SONY\Downloads\C94820438FFE28D9F796B0C56F717DB3C53EB164.torrent
2016-06-05 17:13 - 2016-06-05 17:15 - 00000000 ___HD C:\u9aRURXZcvFKJij5
2016-06-03 11:01 - 2016-06-03 11:01 - 00015218 _____ C:\Users\SONY\Downloads\[kat.cr]iexplorer.v3.9.4.0.setup.crack.core.x.torrent
2016-06-03 11:01 - 2016-06-03 11:01 - 00012284 _____ C:\Users\SONY\Downloads\[kat.cr]iexplorer.3.2.2.6.with.serial.torrent
2016-05-24 09:40 - 2016-05-24 09:40 - 00015961 _____ C:\Users\SONY\Downloads\[kat.cr]adobe.acrobat.xi.pro.11.0.16.multilingual.crack.torrent
2016-05-14 10:03 - 2016-06-05 09:24 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-05-14 10:02 - 2016-06-05 09:41 - 00000000 ____D C:\Windows\AutoKMS
2016-05-14 09:56 - 2016-05-14 09:56 - 00081166 _____ C:\Users\SONY\Downloads\[kat.cr]windows.7.professional.x64.with.key.torrent
2016-05-13 08:37 - 2016-05-13 08:37 - 00019905 _____ C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b (1).torrent
2016-05-13 08:36 - 2016-05-13 08:36 - 00019905 _____ C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b.torrent
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF599C42-A2E5-4251-B7EE-4925A26807CB}\\SystemComponent => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value not found.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79 => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UZNmedia => value not found.
"C:\Users\SONY\AppData\Local\UZNmedia" => not found.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acjworks => value removed successfully
"C:\Users\SONY\AppData\Local\Itpksoft" => not found.
"HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eca3634-e5f6-11e5-8e9d-90004e9b9afd}" => key removed successfully
HKCR\CLSID\{8eca3634-e5f6-11e5-8e9d-90004e9b9afd} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
Chrome Session Restore: => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
"C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl => moved successfully
"C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl" => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
hshld => service removed successfully
HssTrayService => service removed successfully
C:\Program Files (x86)\Hotspot Shield => moved successfully
HssDRV6 => Service stopped successfully.
HssDRV6 => service removed successfully
C:\Windows\System32\DRIVERS\hssdrv6.sys => moved successfully
taphss6 => Unable to stop service.
taphss6 => service removed successfully
C:\Windows\System32\DRIVERS\taphss6.sys => moved successfully
efavdrv => service removed successfully
"C:\Windows\system32\drivers\efavdrv.sys" => not found.
C:\Program Files (x86)\Dll-Files.com Fixer => moved successfully
C:\Users\SONY\Downloads\[kat.cr]dll.files.fixer.3.3.90.3079.multilingual.key.4realtorrentz.torrent => moved successfully
C:\Users\SONY\Downloads\C94820438FFE28D9F796B0C56F717DB3C53EB164.torrent => moved successfully
C:\u9aRURXZcvFKJij5 => moved successfully
C:\Users\SONY\Downloads\[kat.cr]iexplorer.v3.9.4.0.setup.crack.core.x.torrent => moved successfully
C:\Users\SONY\Downloads\[kat.cr]iexplorer.3.2.2.6.with.serial.torrent => moved successfully
C:\Users\SONY\Downloads\[kat.cr]adobe.acrobat.xi.pro.11.0.16.multilingual.crack.torrent => moved successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
C:\Windows\AutoKMS => moved successfully
C:\Users\SONY\Downloads\[kat.cr]windows.7.professional.x64.with.key.torrent => moved successfully
C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b (1).torrent => moved successfully
C:\Users\SONY\Downloads\9e425fa3e8c33383c81ad1d1917ddd578ef85e9b.torrent => moved successfully
C:\Users\Default\# DECRYPT MY FILES #.vbs => moved successfully
C:\Users\SONY\AppData\Local\Temp\certmgr.exe => moved successfully
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE => moved successfully
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE => moved successfully
C:\Users\SONY\AppData\Local\Temp\hss_update.exe => moved successfully
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C9EF939B-5B04-4DA6-B71B-9721D9651B04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9EF939B-5B04-4DA6-B71B-9721D9651B04}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50}" => key removed successfully
C:\Windows\System32\Tasks\newdev => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\newdev" => key removed successfully
C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1} => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 2.4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:49:15 ====

#8
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Good that the System Restore was made and useful.  We will check on the WiFi error in a bit.
 
FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
AdwCleaner_v5016_zpsf8ln0fea.png

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done, it will ask to reboot; allow this.
adwcleaner_delete_restart.jpg

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


LAST >>>>

Malwarebytes' Anti-Malware

Please start Malwarebytes' Anti-Malware.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
Main%20Screen_zpsnnwza0ky.png

Once the program has loaded and updated, select "Scan Now >>" to start the scan.
Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.
mbam21-removeselected_zpsg83p7wis.jpg

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.


#9
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

I've done all of the 3 steps that you've provided me.

So far since my last reboot, only one pop-up error has been showing on my start up.

Untitled.jpg

BTW, here are the logs/txt that I've gathered:

Junkware Removal Tool:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64 
Ran by SONY (Administrator) on Sat 06/11/2016 at 18:37:39.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 57 
 
Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut) 
Successfully deleted: C:\Users\SONY\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20RCZKSO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22ZFEYYQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3GC3MH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UK52CR8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WOEQAQ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\774GUJ2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86TVACFQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BX9FVS3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0FQGKS7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJQ6WJRL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5JO80WG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVKIWYMS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5GU8DO6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL985LOR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK1JIUZE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3II4GRI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3AWM4MI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL91A1RE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6LC65IU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7BBXXM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YA0U6D3I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YZZ81KPE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\SONY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7H18CZV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20RCZKSO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22ZFEYYQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3GC3MH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UK52CR8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WOEQAQ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\774GUJ2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86TVACFQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BX9FVS3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0FQGKS7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJQ6WJRL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5JO80WG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVKIWYMS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5GU8DO6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL985LOR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK1JIUZE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3II4GRI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3AWM4MI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL91A1RE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6LC65IU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7BBXXM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YA0U6D3I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YZZ81KPE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7H18CZV (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/11/2016 at 18:40:01.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Adwcleaner:

# AdwCleaner v5.119 - Logfile created 11/06/2016 at 18:50:41
# Updated 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : SONY - SUPERLANCE-PC
# Running from : C:\Users\SONY\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[#] Folder Deleted : C:\ProgramData\Application Data\ParetoLogic
[-] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[-] Folder Deleted : C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{649CCF8F-C1C9-4275-88B7-31CA8B31154C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F44DC845-F9E1-4907-8D9C-1472F72E8326}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
 
***** [ Web browsers ] *****
 
[-] [C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : zenmate.en.softonic.com
[-] [C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : hola-unblocker.en.softonic.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2395 bytes] - [11/06/2016 18:50:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [2422 bytes] - [11/06/2016 18:46:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2541 bytes] ##########


And from Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/11/2016
Scan Time: 7:04 PM
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.11.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SONY
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311407
Time Elapsed: 17 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (0.0.0.0 keystone.mwbsys.com), Replaced,[a50ae3189bfeb18599a5b2d7857f6b95]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

Looking forward to your next reply!

Thanks a lot!


#10
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

FIRST >>>>

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

abfacb96-0c99-4b59-b9e9-9298aa0ee3ec_zps

For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

Getinstallerpopup2_zps65f446a6.png

Double click on the icon on your desktop.

desktopfile_zps98a1ee89.png

Check (accept) the Terms of Use.

TOU_zps4ecd3406.png

Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start
Loadsettings_2014-08-23_zps3f2d0c88.png



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

Downloadingsignatures_zps36c38587.png


Scanningdisplay_zpsec3aac14.png

When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.

Threatsfound_zpsfe95fb4e.png

At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Exporttotextfile_zps16cb487f.png

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

UninstallcheckedandFinish_zps6fb26ad8.pn

Attach the saved log file in your next reply please.  Thanks.


SECOND >>>>

We need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this, please.  Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


LAST >>>>

How is your system running now?

 


#11
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

I did not proceed with the installation/download of ESET, because when I opened the link, this is what the link showed me:

ESET.jpg

It was different from the previous screen capture that you've provided me.

So I stopped before I made a mistake.

Although, I did download two .exe files which the link provided me.

These are

 

esetonlinescanner_enu.exe

and

eset_smart_security_live_installer.exe

 

But since I have doubts whether I have the right software, I wanted to ask you first: which should I use?

Thanks!


#12
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you for bringing the web site update to my attention; I have updated my directions and hopefully there will be no confusion in the future.

 

Use the esetonlinescanner_enu.exe file and you should be fine from there.  You can delete the other file from the ESET web site as that will install a trial version of their paid AV.


#13
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

Pardon me, I couldn't proceed with the installation, because I don't know if I should check the download the latest version of ESET Online Scanner or just click accept.
 

ESET1.jpg

Thank you for your patience. Sorry, not a techie guy here.


#14
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

You can click on Accept; the app will download the latest definitions later.

 

2016-06-13_accept_zpsudekensg.png

 

Also, the options screen now looks like this.  Please note what has been checked and not checked.  You will have to click on "Show Advanced Settings" to see all the options.  Once set just click Scan.

 

2016-06-13_options_zpsh3rezjhg.png

 

 

You can also find details from ESET at this KB site: http://support.eset....1/?locale=en_EN

 

When the report screen is shown at the end of the scan, please click on "Save to text file...." and post that report here.


#15
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

I ran the ESET Online Scanner and was able to finish the scan.
While it was running, I saw 70+ threats found, but after it finishes, this blank screen/page always appears,
and there's nothing I can do about it but close it through Task Manager.

I thought it was only for the first run, but I ran it again and the same thing happened.

I don't know what went wrong.

ESET2.jpg

