Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 error on startup - .dll files failed to load [Solved]


  • This topic is locked This topic is locked

#16
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

According to this ESET KB article (Online scanner FAQ) there should be a log file saved at the end of the scan to C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt .  Can you check there please?


  • 0

Advertisements


#17
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

There's no folder of ESET on my C:\Program Files (x86) folder, it's like it wasn't even installed.

But i'm sure i ran it trice, but same thing happened.


  • 0

#18
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Sorry for that; had the same issue myself and will check with ESET on what is going on.
 
In the meantime, let's move to a different scanner.

Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.

  • Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  • Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
  • Once the scanner loads, allow it check for updates.
  • When the updates are finished, click the BACK button to return to the main menu.
  • Click on the SCAN and select Malware Scan to start scanning your system.  Please enable the PUA/PUP/PMA detection option.
  • If the scan finds anything, it will open a scan finding window.  Please click on View Report; copy this report and paste it here in reply post.
  • Please close the Emergency Kit Scanner program now.
     

  • 0

#19
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Done running the scan, here's the report:
 

Emsisoft Emergency Kit - Version 11.0
Last update: 6/17/2016 11:45:04 AM
User account: SUPERLANCE-PC\SONY
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 6/17/2016 11:50:06 AM
 
Scanned 73541
Found 0
 
Scan end: 6/17/2016 11:55:11 AM
Scan time: 0:05:05


Btw, the same pop up is still showing at start up if you may ask how's my system been. Thanks.

  • 0

#20
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

We need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it do this please.  Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0

#21
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by SONY (administrator) on SUPERLANCE-PC (18-06-2016 11:40:41)
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Enigma Software Group USA, LLC.) D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Fast Windows Hider\fwh.exe
(BitTorrent Inc.) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Apple Inc.) D:\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [242552 2013-09-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-01-31] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [461560 2014-07-28] (IVT Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-11-10] (Tonec Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [837632 2015-11-18] (RemoteMouse.net)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Fast Windows Hider] => C:\Program Files (x86)\Fast Windows Hider\fwh.exe [796160 2010-02-04] ()
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [uTorrent] => C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe [1987584 2016-06-10] (BitTorrent Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sh4native Sh4Removal
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2781238C-72DD-4803-89C0-FA08EBDE932C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7E844D01-7B0E-43FD-BA46-4013B6EA446B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected]
FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected] [2016-02-07] [not signed]
FF HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5 [2016-06-17] [not signed]
FF HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2016-06-17]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-06-13]
CHR Extension: (AdBlock) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-05-01]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-18]
CHR Extension: (IDM Integration Module) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2014-07-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3246984 2014-07-28] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2014-07-23] (IVT Corporation)
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [273656 2014-07-23] (IVT Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 cPhoneSDKCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [281456 2014-06-16] (IVT Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2875008 2016-05-28] (AnchorFree Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
R3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29944 2014-06-24] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44152 2014-07-14] (IVT Corporation.)
R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-02] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-09-19] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25440 2013-11-18] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [120520 2013-06-20] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0045.sys [38432 2016-01-21] (SoftEther Corporation)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation) [File not signed]
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-31] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-09-19] (Anchorfree Inc.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 20:00 - 2016-06-17 20:00 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-17 11:40 - 2016-06-17 11:57 - 00000000 ____D C:\EEK
2016-06-17 11:35 - 2016-06-17 11:39 - 238762720 _____ C:\Users\SONY\Desktop\EmsisoftEmergencyKit.exe
2016-06-17 08:51 - 2016-06-17 08:51 - 00245238 _____ C:\Users\SONY\Downloads\[kat.cr]voltron.legendary.defender.s01.web.x264.deflate.ettv.torrent
2016-06-17 08:50 - 2016-06-17 08:50 - 00038191 _____ C:\Users\SONY\Downloads\Gods of Egypt (2016) [720p] [YTS.AG].torrent
2016-06-15 23:05 - 2016-06-15 23:05 - 00030843 _____ C:\Users\SONY\Downloads\Eye in the Sky (2015) [720p] [YTS.AG].torrent
2016-06-15 22:50 - 2016-06-15 22:50 - 00035717 _____ C:\Users\SONY\Downloads\The Finest Hours (2016) [720p] [YTS.AG].torrent
2016-06-15 22:49 - 2016-06-15 22:49 - 00028505 _____ C:\Users\SONY\Downloads\Kung Fu Panda 3 (2016) [720p] [YTS.AG].torrent
2016-06-15 21:22 - 2016-06-15 21:22 - 00004466 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e08.hdtv.x264.killers.ettv.torrent
2016-06-14 15:26 - 2016-06-14 15:26 - 00118387 _____ C:\Users\SONY\Downloads\51DAC0256289674920A46E3DE61E0E3CA7C96106.torrent
2016-06-13 23:19 - 2016-06-13 23:19 - 00000000 ____D C:\Users\SONY\AppData\Local\ESET
2016-06-12 23:56 - 2016-06-12 23:56 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-06-12 23:55 - 2016-06-12 23:55 - 00000000 ____D C:\ProgramData\Intel
2016-06-12 23:55 - 2016-06-12 23:55 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-06-12 23:55 - 2016-06-12 23:55 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-06-12 23:54 - 2016-06-12 23:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\2C0A
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0C0A
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0C04
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0816
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0804
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0424
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041F
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041E
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041D
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041B
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0419
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0416
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0415
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0414
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0413
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0412
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0411
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0410
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040E
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040D
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040C
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040B
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040A
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0408
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0407
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0406
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0405
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0404
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0401
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2016-06-12 23:42 - 2016-06-12 23:42 - 08137528 _____ (Sony Corporation) C:\Users\SONY\Desktop\EP0000265238.exe
2016-06-12 23:42 - 2016-06-12 23:42 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-06-12 20:25 - 2016-06-12 20:25 - 03677248 _____ C:\Users\SONY\Desktop\AdwCleaner_2.exe
2016-06-12 15:09 - 2016-06-12 15:09 - 03017376 _____ (ESET) C:\Users\SONY\Desktop\eset_smart_security_live_installer.exe
2016-06-12 15:04 - 2016-06-12 15:04 - 06858912 _____ (ESET spol. s r.o.) C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
2016-06-12 14:53 - 2016-06-12 14:53 - 00000756 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-06-12 14:53 - 2016-06-12 14:53 - 00000000 ____D C:\Program Files\Speccy
2016-06-12 14:52 - 2016-06-12 14:52 - 05111240 _____ (Piriform Ltd) C:\Users\SONY\Desktop\spsetup129.exe
2016-06-12 14:46 - 2016-06-12 14:47 - 106360936 _____ (Intel® Corporation) C:\Users\SONY\Desktop\Wireless_18.40.0_PROSet64_Win7.exe
2016-06-11 23:25 - 2016-06-11 23:25 - 00000000 ____D C:\Users\SONY\AppData\Roaming\ATI
2016-06-11 23:25 - 2016-06-11 23:25 - 00000000 ____D C:\Users\SONY\AppData\Local\ATI
2016-06-11 23:25 - 2016-06-11 23:25 - 00000000 ____D C:\ProgramData\ATI
2016-06-11 23:22 - 2016-06-11 23:24 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-11 22:34 - 2016-06-11 22:34 - 00000000 ____D C:\Program Files\ATI
2016-06-11 22:31 - 2016-06-12 23:55 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-11 22:31 - 2016-06-11 22:31 - 00000000 ____D C:\Intel
2016-06-11 22:30 - 2016-06-11 22:30 - 00000429 _____ C:\Users\SONY\Desktop\reply.txt
2016-06-11 22:08 - 2016-06-11 22:09 - 00080963 _____ C:\Users\SONY\Desktop\SUPERLANCE-PC.txt
2016-06-11 22:07 - 2016-06-11 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-11 22:06 - 2016-06-12 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-06-11 19:39 - 2016-06-11 19:39 - 00036265 _____ C:\Users\SONY\Desktop\MTB.txt
2016-06-11 19:24 - 2016-06-11 19:24 - 00001183 _____ C:\Users\SONY\Desktop\Malwarebytes Anti-Malware.txt
2016-06-11 18:56 - 2016-06-11 18:56 - 00002620 _____ C:\Users\SONY\Desktop\AdwCleaner[C1].txt
2016-06-11 18:54 - 2016-06-11 18:54 - 00014493 _____ C:\Users\SONY\Downloads\[kat.cr]malwarebytes.anti.malware.premium.v2.2.0.1024.2016.pre.activated.sweathand.torrent
2016-06-11 18:46 - 2016-06-13 23:11 - 00000000 ____D C:\AdwCleaner
2016-06-11 18:43 - 2016-06-11 18:43 - 00000000 ____D C:\Users\SONY\AppData\Local\CrashRpt
2016-06-11 18:40 - 2016-06-11 18:41 - 00009825 _____ C:\Users\SONY\Desktop\JRT.txt
2016-06-11 18:36 - 2016-06-11 18:36 - 03677248 _____ C:\Users\SONY\Desktop\AdwCleaner.exe
2016-06-11 18:35 - 2016-06-11 18:35 - 01610816 _____ (Malwarebytes) C:\Users\SONY\Desktop\JRT.exe
2016-06-10 09:46 - 2016-06-10 09:49 - 00013949 _____ C:\Users\SONY\Desktop\Fixlog.txt
2016-06-08 19:06 - 2016-06-18 11:40 - 00020777 _____ C:\Users\SONY\Desktop\FRST.txt
2016-06-08 19:06 - 2016-06-18 11:40 - 00000000 ____D C:\Users\SONY\Desktop\FRST-OlderVersion
2016-06-07 13:03 - 2016-06-07 13:03 - 450433116 _____ C:\Windows\MEMORY.DMP
2016-06-07 13:03 - 2016-06-07 13:03 - 00000000 ____D C:\Windows\Minidump
2016-06-07 08:58 - 2016-06-07 08:58 - 00002173 _____ C:\Users\SONY\Desktop\aswMBR.txt
2016-06-07 08:58 - 2016-06-07 08:58 - 00000512 _____ C:\Users\SONY\Desktop\MBR.dat
2016-06-07 08:44 - 2016-06-18 11:40 - 00000000 ____D C:\FRST
2016-06-07 08:44 - 2016-06-07 08:44 - 05200384 _____ (AVAST Software) C:\Users\SONY\Desktop\aswmbr.exe
2016-06-07 08:43 - 2016-06-18 11:40 - 02386944 _____ (Farbar) C:\Users\SONY\Desktop\FRST64.exe
2016-06-07 08:21 - 2016-06-07 08:21 - 00000000 ____D C:\ProgramData\TEMP
2016-06-06 10:08 - 2016-06-06 10:08 - 00019844 _____ C:\Users\SONY\Downloads\[kat.cr]zootopia.2016.720p.bluray.950mb.shaanig.torrent
2016-06-06 10:06 - 2016-06-06 10:06 - 00017689 _____ C:\Users\SONY\Downloads\[kat.cr]just.the.3.of.us.2016.hdrip.buhaypirata.torrent
2016-06-06 07:52 - 2016-06-06 07:52 - 00000000 ____D C:\Users\SONY\Documents\Wondershare
2016-06-05 17:14 - 2016-06-05 17:14 - 00003284 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-06-05 17:14 - 2016-06-05 16:41 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
2016-06-05 17:13 - 2016-06-05 17:13 - 00036669 _____ C:\spyhunter.fix
2016-06-05 16:40 - 2016-06-05 16:40 - 00013514 _____ C:\Users\SONY\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood (1).torrent
2016-06-05 16:36 - 2016-06-05 16:36 - 00013514 _____ C:\Users\SONY\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood.torrent
2016-06-05 12:59 - 2016-06-13 18:56 - 00017687 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 21.xlsx
2016-06-05 12:59 - 2016-06-06 09:04 - 00016464 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 22.xlsx
2016-06-05 09:30 - 2016-06-06 09:04 - 00014828 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 20.xlsx
2016-06-05 09:26 - 2016-06-05 09:26 - 00028024 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal 10, 12 & 13 (AM & PM) May'16.xlsx
2016-06-03 12:04 - 2016-06-03 12:04 - 00068143 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.smackdown.2016.06.02.hdtv.x264.ebi.tjet.torrent
2016-06-03 11:09 - 2016-06-03 11:09 - 00000000 ____D C:\Users\SONY\AppData\Local\Macroplant_LLC
2016-06-03 11:06 - 2016-06-03 11:06 - 00000000 ____D C:\Users\SONY\AppData\LocalLow\Apple Computer
2016-06-03 10:32 - 2016-06-03 10:32 - 00001440 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-03 10:32 - 2016-06-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-03 10:31 - 2016-06-03 10:31 - 00000000 ____D C:\Program Files\iPod
2016-06-03 10:28 - 2016-06-03 10:28 - 00015746 _____ C:\Users\SONY\Downloads\5c8bce4edc71150bd8b90161b4e2c4951b3e9132-Fullmetal-Alchemist-[1-51-Complete-Dubbed] (1).torrent
2016-06-03 09:21 - 2016-06-12 19:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 09:20 - 2016-06-11 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-03 09:20 - 2016-06-11 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-03 09:20 - 2016-06-03 09:20 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-03 09:20 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 09:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 09:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-03 00:08 - 2016-06-03 00:08 - 00000020 ___SH C:\Users\SONY\ntuser.ini
2016-06-02 21:18 - 2016-06-02 21:18 - 00000000 _____ C:\autoexec.bat
2016-06-02 21:16 - 2016-06-02 21:16 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-02 20:46 - 2016-06-02 20:46 - 00000000 ____D C:\Users\SONY\AppData\Roaming\www.shadowexplorer.com
2016-06-02 20:28 - 2016-06-02 20:28 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-02 20:25 - 2016-06-02 20:25 - 49152216 _____ (Microsoft Corporation) C:\Users\SONY\Desktop\Windows-KB890830-x64-V5.36.exe
2016-06-02 20:24 - 2016-06-02 20:24 - 00000000 ____D C:\ProgramData\ESET
2016-06-02 20:17 - 2016-06-02 20:17 - 00012380 _____ C:\Users\Default\# DECRYPT MY FILES #.html
2016-06-02 20:17 - 2016-06-02 20:17 - 00010509 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-06-02 20:17 - 2016-06-02 20:17 - 00000216 _____ C:\Users\Default\# DECRYPT MY FILES #.vbs
2016-06-02 20:17 - 2016-06-02 20:17 - 00000085 _____ C:\Users\Default\# DECRYPT MY FILES #.url
2016-06-02 19:54 - 2016-06-02 19:54 - 00003636 _____ C:\Windows\System32\Tasks\newdev
2016-06-01 23:12 - 2016-06-01 23:12 - 00020250 _____ C:\Users\SONY\Downloads\[kat.cr]love.is.blind.2016.hdrip.720p.x264.rsg.torrent
2016-06-01 23:11 - 2016-06-01 23:11 - 00023319 _____ C:\Users\SONY\Downloads\[kat.cr]beauty.and.the.bestie.2015.hdrip.x264.rsg.torrent
2016-06-01 23:11 - 2016-06-01 23:11 - 00022995 _____ C:\Users\SONY\Downloads\[kat.cr]all.you.need.is.pag.ibig.2015.hdrip.720p.x264.rsg.torrent
2016-06-01 23:10 - 2016-06-01 23:10 - 00027002 _____ C:\Users\SONY\Downloads\[kat.cr]the.prenup.2015.hdrip.720p.x264.rsg.torrent
2016-06-01 07:28 - 2016-06-01 07:28 - 00132007 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.2016.05.30.hdtv.x264.overtime.rartv.torrent
2016-05-30 20:41 - 2016-05-30 20:41 - 00173825 _____ C:\Users\SONY\Downloads\[kat.cr]ufc.fight.night.88.web.dl.h264.fight.bb.torrent
2016-05-30 20:40 - 2016-05-30 20:40 - 00004130 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e06.hdtv.x264.killers.ettv.torrent
2016-05-27 09:36 - 2016-05-27 09:36 - 00000000 _____ C:\Windows\maraes
2016-05-25 13:04 - 2016-05-25 13:04 - 00003469 _____ C:\Users\SONY\Downloads\63C89D7F5A4EE4574194376746CCFE0ADA0976F1.torrent
2016-05-24 16:22 - 2016-05-24 16:22 - 00020944 _____ C:\Users\SONY\Downloads\[kat.cr]gfrevenge.ava.taylor.screen.shot.torrent
2016-05-24 16:21 - 2016-05-24 16:21 - 00057871 _____ C:\Users\SONY\Downloads\[kat.cr]ava.taylor.2015.hd.720p.torrent
2016-05-24 16:17 - 2016-05-24 16:17 - 00044719 _____ C:\Users\SONY\Downloads\[kat.cr]teenslovemoney.ava.taylor.windy.city.snatch.07.08.2014.torrent
2016-05-24 16:17 - 2016-05-24 16:17 - 00017175 _____ C:\Users\SONY\Downloads\[kat.cr]tiny4k.ava.taylor.tiny.latina.07.01.2014.torrent
2016-05-24 16:16 - 2016-05-24 16:16 - 00016195 _____ C:\Users\SONY\Downloads\[kat.cr]povd.ava.taylor.in.loft.[bleep]ing.torrent
2016-05-24 16:15 - 2016-05-24 16:15 - 00114217 _____ C:\Users\SONY\Downloads\[kat.cr]exploited18.14.03.12.ava.taylor.xxx.1080p.mp4.ktr.torrent
2016-05-24 16:13 - 2016-05-24 16:13 - 00009632 _____ C:\Users\SONY\Downloads\[kat.cr]cfnmteens.ava.taylor.vacation.time.office.quickie.torrent
2016-05-24 16:10 - 2016-05-24 16:10 - 00011604 _____ C:\Users\SONY\Downloads\[kat.cr]therealworkout.ava.taylor.sorry.about.your.balls.torrent
2016-05-24 09:54 - 2016-05-24 09:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-24 09:42 - 2016-05-24 09:42 - 00000000 ____D C:\Users\SONY\Tracing
2016-05-24 09:41 - 2016-05-24 09:41 - 00000000 ____D C:\Users\SONY\AppData\Local\bluesoleil voip
2016-05-24 09:38 - 2016-05-24 09:38 - 00118613 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.23.2016.hdtv.x264.fmn.tjet.torrent
2016-05-24 09:36 - 2016-05-24 09:36 - 00169083 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.23.2016.720p.hdtv.x264.fmn.tjet.torrent
2016-05-23 15:39 - 2016-05-23 15:39 - 00004723 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e05.hdtv.x264.killers.ettv.torrent
2016-05-23 11:56 - 2016-05-23 11:56 - 00180829 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.extreme.rules.2016.ppv.web.h264.heel.tjet.torrent
2016-05-20 21:09 - 2016-05-20 21:09 - 00016865 _____ C:\Users\SONY\Downloads\60de7fc58c58e6f59ca33bdcace82c35be959a9b-Trigun-Complete-[Dual].torrent
2016-05-20 01:13 - 2016-05-20 01:13 - 00015746 _____ C:\Users\SONY\Downloads\5c8bce4edc71150bd8b90161b4e2c4951b3e9132-Fullmetal-Alchemist-[1-51-Complete-Dubbed].torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-18 11:41 - 2016-05-16 10:00 - 00000000 ____D C:\Users\SONY\AppData\Roaming\uTorrent
2016-06-18 11:41 - 2015-11-10 22:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-18 11:00 - 2015-11-10 22:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-18 05:41 - 2015-11-10 22:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-18 04:49 - 2015-11-10 22:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 04:49 - 2015-11-10 22:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 20:00 - 2015-11-10 22:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 20:00 - 2015-11-10 22:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 20:00 - 2015-11-10 22:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 13:19 - 2015-11-10 22:40 - 00000000 ____D C:\Users\SONY\AppData\Roaming\vlc
2016-06-17 11:42 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\AppData\Roaming\DMCache
2016-06-17 08:34 - 2009-07-14 08:45 - 00031152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 08:34 - 2009-07-14 08:45 - 00031152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 08:31 - 2014-07-28 17:39 - 00001628 _____ C:\Windows\SysWOW64\bscs.ini
2016-06-17 08:28 - 2016-02-07 23:04 - 00006493 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2016-06-17 08:28 - 2016-02-07 23:04 - 00000105 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2016-06-17 08:27 - 2015-11-10 22:40 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-06-17 08:26 - 2009-07-14 09:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 08:26 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-16 21:52 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\inf
2016-06-13 07:24 - 2009-07-14 09:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 23:56 - 2016-05-14 10:17 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Intel
2016-06-12 23:55 - 2016-05-14 10:16 - 00000000 ____D C:\Program Files\Intel
2016-06-12 23:43 - 2016-02-24 18:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-12 23:43 - 2011-04-12 12:17 - 00000000 ____D C:\Windows\system32\0409
2016-06-12 20:30 - 2016-01-21 23:54 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-06-11 23:54 - 2015-11-10 22:14 - 00000000 ____D C:\Users\SONY
2016-06-11 23:52 - 2016-02-07 23:01 - 00000000 ____D C:\Users\SONY\AppData\Local\bluesoleil
2016-06-11 23:52 - 2016-01-21 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2016-06-11 23:52 - 2016-01-21 23:29 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\Program Files\TAP-Windows
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\Program Files (x86)\betternet
2016-06-11 23:52 - 2015-11-10 22:22 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-06-11 23:51 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2016-06-11 23:33 - 2016-02-24 18:53 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-06-10 10:08 - 2016-05-14 10:02 - 00000000 ____D C:\Windows\AutoKMS
2016-06-08 19:00 - 2009-07-14 08:45 - 00414656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-08 08:02 - 2015-11-11 00:35 - 00108840 _____ C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 23:22 - 2016-02-02 23:30 - 00000000 ____D C:\ProgramData\Adobe
2016-06-07 23:16 - 2016-01-21 23:27 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-06-06 12:49 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\Downloads\Video
2016-06-05 13:44 - 2016-02-06 20:37 - 00000573 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2016-06-05 09:24 - 2016-05-14 10:03 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-06-03 11:03 - 2015-11-21 17:44 - 00000000 ____D C:\Users\SONY\AppData\Roaming\WinRAR
2016-06-03 10:31 - 2016-04-15 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-03 10:31 - 2015-11-13 11:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 10:24 - 2016-05-16 18:07 - 00000000 ____D C:\Users\SONY\Downloads\Daimos
2016-06-03 10:24 - 2016-05-15 15:34 - 00000000 ____D C:\Users\SONY\AppData\Roaming\HYXDevPsnList
2016-06-03 10:24 - 2016-05-14 11:05 - 00000000 ____D C:\Users\SONY\Documents\Kalihiman
2016-06-03 10:24 - 2016-02-24 19:58 - 00000000 ____D C:\Users\SONY\AppData\Roaming\InputMapper
2016-06-03 10:24 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\Downloads\Compressed
2016-06-03 10:24 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\AppData\Roaming\IDM
2016-06-03 10:24 - 2015-11-13 13:48 - 00000000 ____D C:\Users\SONY\Downloads\Internet Download Manager (IDM) 6.25 Build 3 Registered (32bit + 64bit Patch) [CrackingPatching]
2016-06-03 10:24 - 2015-11-10 22:40 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Skype
2016-06-03 10:10 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\Web
2016-05-29 08:23 - 2015-11-10 22:40 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 13:26 - 2016-01-21 23:54 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-05-24 09:58 - 2016-02-02 23:32 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-24 09:53 - 2016-02-02 23:27 - 00000000 ____D C:\Users\SONY\Desktop\Adobe Acrobat XI
 
==================== Files in the root of some directories =======
 
2007-08-17 03:00 - 2007-08-17 03:00 - 0001669 _____ () C:\Users\SONY\AppData\Roaming\CranageInadvertency.LLw
1994-03-11 04:00 - 1994-03-11 04:00 - 0053252 _____ () C:\Users\SONY\AppData\Roaming\Introvert.J
1986-03-18 04:00 - 1986-03-18 04:00 - 0002274 _____ () C:\Users\SONY\AppData\Roaming\PrivetOdor.SXy
1992-04-05 03:00 - 1992-04-05 03:00 - 0049764 _____ () C:\Users\SONY\AppData\Roaming\RedeAria.FHs
2013-05-27 03:00 - 2013-05-27 03:00 - 0049883 _____ () C:\Users\SONY\AppData\Roaming\Submersible.rFx
2012-06-16 03:00 - 2012-06-16 03:00 - 0002267 _____ () C:\Users\SONY\AppData\Roaming\Temporary.5
2015-11-15 18:18 - 2015-11-15 18:18 - 0000017 _____ () C:\Users\SONY\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\Default\# DECRYPT MY FILES #.vbs
 
 
Some files in TEMP:
====================
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 00:23
 
==================== End of FRST.txt ============================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by SONY (2016-06-18 11:41:57)
Running from C:\Users\SONY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-11-10 18:14:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2633912966-161357401-2138039649-500 - Administrator - Disabled)
Guest (S-1-5-21-2633912966-161357401-2138039649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633912966-161357401-2138039649-1002 - Limited - Enabled)
SONY (S-1-5-21-2633912966-161357401-2138039649-1000 - Administrator - Enabled) => C:\Users\SONY
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\uTorrent) (Version: 3.4.8.42382 - BitTorrent Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Betternet (HKLM-x32\...\Betternet) (Version:  - )
BlueSoleil 10.0.479.1 (HKLM\...\{9453A661-550D-4FB9-BC91-3C1EEDF2ABDB}) (Version: 10.0.479.1 - IVT Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fast Windows Hider 3.9 (HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Fast Windows Hider) (Version: 3.9 - Hidetools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotspot Shield 5.20.22 Embedded (x32 Version: 5.20.22.9384 - Buildbot) Hidden
IDM Patch 6.25 build 03 (HKLM-x32\...\IDM Patch 6.25 build 03) (Version: build 03 - SandySeedings Team)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Remote Mouse version 2.702 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.702 - Remote Mouse)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
SMADAV version 10.3.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 10.3.1 - SmadSoft)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (12/29/2009 8.0.0.279) (HKLM\...\BADC2853BAE2C2BA5C60113ADD1F3A253131BAAD) (Version: 12/29/2009 8.0.0.279 - Atheros Communications Inc.)
Windows Driver Package - Marvell (yukonw7) Net  (04/16/2010 11.25.2.3) (HKLM\...\75E14D32AED1E199C9067D18261BF018CF8790C6) (Version: 04/16/2010 11.25.2.3 - Marvell)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {313A7B69-2B86-4E5A-8059-7A9358D199A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {344C2CC2-D7F1-42E7-838F-7BA2A6207E5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4A6B2C31-DA73-4BEA-8DE1-0C68E395B6D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {7C01B44C-A1C9-4902-A904-90E05D79241F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {8CBF722D-75D4-4372-AF6C-8ADA8506E657} - System32\Tasks\SpyHunter4Startup => D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe [2016-06-05] (Enigma Software Group USA, LLC.)
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
Task: {F1649DBA-F2EC-4707-81E9-A7E468FDA95D} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-23 16:02 - 2014-07-23 16:02 - 00268536 _____ () C:\Windows\system32\IVTCredentialProvider.DLL
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\system32\BsTrace.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\System32\BsTrace.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-11-10 22:30 - 2015-01-30 17:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-02-04 12:26 - 2010-02-04 12:26 - 00796160 _____ () C:\Program Files (x86)\Fast Windows Hider\fwh.exe
2014-06-16 17:01 - 2014-06-16 17:01 - 00353792 _____ () C:\Windows\system32\cPhoneSDK.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00086528 _____ () C:\Windows\system32\cPhoneSDKTL.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00194048 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\InstallApkWithcPhone.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00075512 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00019704 _____ () C:\Windows\system32\BsMobileCSps.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00313656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2014-07-25 10:11 - 2014-07-25 10:11 - 00367352 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00031480 _____ () C:\Windows\SysWow64\BsHelpCSps.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00813816 _____ () C:\Windows\SysWow64\BlueSoleilCSps.dll
2014-07-04 09:31 - 2014-07-04 09:31 - 00035672 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Driver\USB\btcusb.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00236280 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BaseLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00056056 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\ExtraLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00048376 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\cscvt.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00016632 _____ () C:\Windows\SysWOW64\BsMobileCSps.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00039672 _____ () C:\Windows\SysWOW64\cPhoneSDKCSps.dll
2016-05-28 04:08 - 2016-05-28 04:08 - 00166528 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00162552 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00126200 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\s40pack.dll
2016-05-15 15:34 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-05-15 15:34 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-06-09 01:44 - 2016-06-04 05:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-09 01:44 - 2016-06-04 05:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 17:56 - 2015-04-13 17:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00084928 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00034752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00961472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 01303488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00088512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00363456 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00772544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00702400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00125376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00064448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00030656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 06:34 - 2016-06-07 08:22 - 00000283 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1                   systweak.com
127.0.0.1                   updateservice1.systweak.com
127.0.0.1                   www.systweak.com
127.0.0.1                   systemspeedup.systweak.com
127.0.0.1                   systweak.com/STCheckGenuineness
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{619DF3A2-EA35-4571-81A0-2AEBA500562F}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A050DB11-C8F2-42E4-A024-253474A426C3}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F0B0552-AD79-4C9F-B54E-D434B9A46810}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07C158E1-62E5-4C25-8E87-D000135A880B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9204912D-F6DE-4E1A-A787-4A113F4BC842}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{74C7BCBE-CBCA-4096-96AD-9E17160CD78C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3288C64-3691-4B55-9AF0-B439C9548610}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{A18A3C48-DC92-4A75-B522-6760A7182279}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{5EEB583E-255E-49C3-9D80-DD98C6A75A5E}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{2482429A-F30A-49CA-A394-834D461B1235}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{05E02943-E1E5-4BD9-BEA3-E0890417FE26}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{5D1A0CBC-F00D-46E5-BD29-CEBAF22D9780}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{C35F0EEA-FDE1-407F-8FA0-E1C56F1FE121}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{C7206E1F-FF68-476E-A4AD-8CD20AA540AC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{CE92CA78-3926-4BA1-AB58-8CED6B38DAE2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{F0C0ADE4-3F60-4215-B537-FA226D85ECF2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{1C049B5F-5ED4-4339-90E7-1B56BB008284}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{BF76EA96-C3DE-4AA1-B1DE-2BA745FA9CA5}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{8CF2DFE8-6221-4EE3-BB49-7743D5ADD51E}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{549FF6BA-2C88-4D63-A42A-F6785E9AF9A1}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{2810A731-9980-40A8-B33F-234700808FD1}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{2F555E2B-A281-4DA7-A84D-DAA0C5312407}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [TCP Query User{6F6FA86C-A174-427D-884E-7863EDB4D1B9}C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{CA5D7E1E-008C-436A-9B8F-8C5020EEE2C1}C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{566FDAA8-E9A4-44AA-9E21-628F491F8257}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8689E4BF-0CFE-4F55-9C0F-C4AFA0090686}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9598C890-8B65-4762-AF79-B452A24C4962}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1FFDDED-D56E-4964-B70B-220CDEC63208}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9134A64F-480B-4C7A-A065-74426A29F0DC}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3EF3BC81-D276-4050-B020-929C0C77F882}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{96B3F11B-5AA5-48E5-AA54-6247BFE1D997}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{379BB141-FDF8-4D2B-BA79-35F4E1EA6F03}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
FirewallRules: [{8EA9652F-9DAC-46CB-AB4F-AE7BC881A15D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{716DB2A2-2355-4156-AC8D-4F27E25BA2C4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AEBD48FC-A853-428D-9922-64A4719C19CD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A512545D-B014-4B72-907B-FDCC80BE0BFE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{653360F2-59AC-4763-BFCA-8C201AD929E5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{32242E73-6F2F-4A02-9757-7A87A6C63B6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{ACBBC1A7-0B56-4375-BE10-864DEDE455D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-06-2016 09:47:00 Restore Point Created by FRST
10-06-2016 10:04:47 Restore Operation
11-06-2016 18:37:44 JRT Pre-Junkware Removal
11-06-2016 23:47:18 Restore Operation
12-06-2016 23:42:50 Installed Renesas Electronics USB 3.0 Host Controller Driver
12-06-2016 23:45:32 Removed Intel® PROSet/Wireless WiFi Software.
12-06-2016 23:53:40 Intel® PROSet/Wireless Software
 
==================== Faulty Device Manager Devices =============
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: IVT_Virtual_0000
Description: IVT_Virtual_0000
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 08:26:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2016 09:48:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c7c
 
Start Time: 01d1c7e8ebb396d3
 
Termination Time: 484
 
Application Path: C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
 
Report Id:
 
Error: (06/16/2016 12:30:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/16/2016 12:30:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/16/2016 12:30:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/16/2016 12:30:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/15/2016 10:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2016 07:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20e0
 
Start Time: 01d1c6ed6fd05375
 
Termination Time: 49
 
Application Path: C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
 
Report Id:
 
Error: (06/15/2016 02:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 28c8
 
Start Time: 01d1c6e312675878
 
Termination Time: 159
 
Application Path: C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
 
Report Id:
 
Error: (06/13/2016 12:39:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
 
System errors:
=============
Error: (06/17/2016 08:25:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/16/2016 08:07:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:07:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:07:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:06:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:06:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:06:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
 
CodeIntegrity:
===================================
  Date: 2016-05-14 09:39:52.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 09:05:06.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 08:57:17.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 22:50:53.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 22:05:58.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:54:26.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:45:44.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 16:05:22.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 15:04:49.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 09:48:51.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 78%
Total physical RAM: 4007.2 MB
Available physical RAM: 874.88 MB
Total Virtual: 8012.61 MB
Available Virtual: 4300.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.87 GB) (Free:87.26 GB) NTFS
Drive d: () (Fixed) (Total:318.79 GB) (Free:296.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E861DA86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=318.8 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 


  • 0

#22
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
  • Download SecurityCheck by glax24 here and save utility on your Desktop
  • Double-click it (For Windows XP users) or right-click and choose Run As Administrator (For Windows Vista/7 users)
  • Do not block the utility by your Firewall warnings (if any).
  • Wait for the end of scan. Log SecurityCheck.txt will be open in the Notepad;
  • In case you close the Notepad you can find a log in the system root folder named  SecurityCheck,  for example C:\SecurityCheck\SecurityCheck.txt
  • Copy its contents to your next post.

  • 0

#23
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 19.06.2016 15:33:25
Path starting: C:\Users\SONY\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: SONY
VersionXML: 3.09is-18.06.2016
___________________________________________________________________________
 
Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409)
Installation date OS: 10.11.2015 18:14:48
LicenseStatus: Windows® 7, Professional edition Volume activation will expire : 238680 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [146.9 Gb] Used: [59.7 Gb] Free: [87.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 8.0.7601.17514 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatic Updates disabled
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.4763.1000
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and out of date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.00 beta 6 (64-bit) v.5.00.6 Warning! Download Update
VLC media player v.2.2.1 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Hotspot Shield 5.20.22 Embedded v.5.20.22.9384 Warning! This app can show ads.
Hotspot Shield Service (hshld) - The service is running
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.8.42382 Warning! P2P-client.
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.4.1.6
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 ActiveX v.22.0.0.192
Adobe Flash Player 22 NPAPI v.22.0.0.192
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.103
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.84
------------------ [ AntivirusFirewallProcessServices ] -------------------
MBAMScheduler (MBAMScheduler) - The service has stopped
MBAMService (MBAMService) - The service has stopped
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe v.4.21.10.4585
----------------------------- [ End of Log ] ------------------------------

  • 0

#24
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Download the attached fixlist.txt file and save it to the Desktop.  ==>>  Attached File  Fixlist.txt   3.98KB   29 downloads

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpslenkmnr9.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


  • 0

#25
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by SONY (2016-06-20 14:51:17) Run:2
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY (Available Profiles: SONY)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
Unlock: HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
Unlock: C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-18]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe [X]
C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
C:\Windows\system32\drivers\efavdrv.sys
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
C:\Users\SONY\Downloads\Compressed\DS4Windows_2
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79 => value removed successfully
HKU\Unlock: S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Unlock: Acjworks => value not found.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acjworks => value removed successfully
"C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll" => not found.
"C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll" => not found.
"C:\Users\SONY\AppData\Local\Itpksoft" => not found.
"HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eca3634-e5f6-11e5-8e9d-90004e9b9afd}" => key removed successfully
HKCR\CLSID\{8eca3634-e5f6-11e5-8e9d-90004e9b9afd} => key not found. 
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => not found.
Chrome Session Restore: => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
"C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
HssTrayService => service removed successfully
WsDrvInst => service removed successfully
"C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE" => not found.
"C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe" => not found.
efavdrv => service removed successfully
"C:\Windows\system32\drivers\efavdrv.sys" => not found.
C:\Users\Default\# DECRYPT MY FILES #.vbs => moved successfully
C:\Users\SONY\AppData\Local\Temp\certmgr.exe => moved successfully
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE => moved successfully
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE => moved successfully
C:\Users\SONY\AppData\Local\Temp\hss_update.exe => moved successfully
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C9EF939B-5B04-4DA6-B71B-9721D9651B04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9EF939B-5B04-4DA6-B71B-9721D9651B04}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50}" => key removed successfully
C:\Windows\System32\Tasks\newdev => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\newdev" => key removed successfully
"C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFD39FC8-C264-485A-9F85-5AC6986EC6E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFD39FC8-C264-485A-9F85-5AC6986EC6E1}" => key removed successfully
C:\Windows\System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC3453B8-21D7-43FE-86C0-29531ECD6A70}" => key removed successfully
C:\Users\SONY\Downloads\Compressed\DS4Windows_2 => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10603974 B
Java, Flash, Steam htmlcache => 1271 B
Windows/system/drivers => 2406635 B
Edge => 0 B
Chrome => 325315579 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82612 B
systemprofile32 => 336283 B
LocalService => 66228 B
NetworkService => 10662 B
SONY => 1177262644 B
 
RecycleBin => 215075 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:53:57 ====

  • 0

Advertisements


#26
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Are you still seeing the error at start up?


  • 0

#27
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Hello,

First of all, let me say thank you for your help, 

you've been very patient on me regarding my system's problem.

 

So far after running that fix, i guess it cleared all of those nasty unwanted pop-ups.

I really appreciate what you've done here,

 

Thanks dbreeze!

and to the whole geekstogo gang! 

You Guys Rock!

Regards,

Lance

 


  • 0

#28
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time. You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

  • Download Delfix from here or here
    to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 0

#29
Lance Cabrera Fajardo

Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

WOAH!

You're so good my friend,

I only thought you'd only fix/solve my problems, 

but now you've given me a lot of insights about my pc,

You've given me a couple of useful software on which i think would be really helpful in giving me a worry free pc.

Ok, first,

ESET was already uninstalled before.

Next,

Here's the log for the Delfix:
 

# DelFix v1.013 - Logfile created 22/06/2016 at 12:22:42
# Updated 17/04/2016 by Xplode
# Username : SONY - SUPERLANCE-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\Users\SONY\Desktop\FRST-OlderVersion
Deleted : C:\Users\SONY\Desktop\AdwCleaner.exe
Deleted : C:\Users\SONY\Desktop\AdwCleaner_2.exe
Deleted : C:\Users\SONY\Desktop\aswmbr.exe
Deleted : C:\Users\SONY\Desktop\FRST64.exe
Deleted : C:\Users\SONY\Desktop\JRT.exe
Deleted : C:\Users\SONY\Desktop\MBR.dat
Deleted : C:\Users\SONY\Desktop\SecurityCheck.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


Next,

I had to admit, previously, i turned off my windows update, because sometimes, i thought it was just annoying, and few other times before,
after a certain windows update, suddenly my pc is getting slower and sometimes my only option is to restore it. Since i'm not a techie guy, i thought that windows updates were messing with my pc more than helping it, so i turned it off. But now with your advice, i think i'll just leave it ON and let it do it's job.

Next,

Was never been a fan of Java, so since then i was not installing it, because i heard a couple of problems that were attached to it. So were clear with this one.

Next,

Before, i was installing Adobe Acrobat (but only the pirated ones), so i thought i was fine with that, but i think it was that same software that got me into troubles, so instead of using it and the Adobe Reader, i'll just use what you've suggested; i've installed Sumatra PDF, and it seems pretty decent for a free software, so HUGE THANKS for that!

Next,

I downloaded, installed and tried Heimdal Free,
it shows that my software installed are all up to date, but it's still good to know that i have this kind of app on which i can use to check the status of the currently installed programs on my pc.

Now, here's a tricky one.

January this year when my original Hard Drive (C.) was corrupted, so had no choice but to replaced it, 
an IT friend of mine installed it and provide the other software that my PC needed, 

then here's my QUESTION, 
He then installed SMADAV
SMADAV.jpg

as my AntiVIrus, previously, i think i was Using Avast or something,
and as i've mentioned being not a techie guy, i thought having this current AntiVirus is OK, 
but since you're the expert, what are your thoughts on this?
Should i keep this SMADAV? or try what you've suggested:

"First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus"
 
Next, 

I've checked, my Windows Firewall are Turned On, so i think i have no more questions about this.

Next,

Unchecky, Done, Downloaded and Installed.

Next,

Here's another tricky one, i wasn't aware before of this ransomware and this kind of BS (pardon me), so i think most of my issues started when i became a victim of one of this ransomware few months ago, 
So as i can recall, i was browsing, then suddenly a pop up message come up and when i checked my files, all of it or most of it were DECRYPTED, word, excel, pdf, music files, images etc. 
I tried to look online for any solutions on that issue, but came up being hopeless, so i had no choice, because as i read, i shouldn't buy those silly software just to decrypt my files, so i didn't but i couldn't retrieved all of my files so i had no choice but to give up and delete ALL, i mean all of my files.
Twas a very unfortunate incident, and i wish i never became a victim of that malware/ransomware.
So right now, suggesting/giving me this CryptoPrevent might just actually help me in the future, on hoping not to get being victimized by these kind of virus/malwares. 

Lastly, 

I already have MalwareBytes Antimalware, and i'm using Chrome as my browser instead of Firefox, so i guess that would be all.

Again, lots of thanks and appreciation to you my friend.
Sorry for my other concerns.
and thanks for the response!
 

  • 0

#30
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

I would recommend uninstalling SmadAV and installing Avast Free (my personal choice but you can choose either of the two mentioned). 

 

Why those?  First, they are free and fully functional as AntiVirus software; no need to buy anything to get full AV functions.  They are also tested and ranked by Independant Testing organizations that are well known and respected in the Anti-Malware communities; AV-Comparatives.org and AV-Test.org being two research labs you can look at their open testing and results.

 

Good to know about all the rest you have learned / done.  Any other questions?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP