RegSvr32 error on startup - .dll files failed to load [Solved]


  • This topic is locked

#16
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

According to this ESET KB article (Online scanner FAQ) there should be a log file saved at the end of the scan to C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt .  Can you check there please?


#17
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

There's no folder of ESET on my C:\Program Files (x86) folder, it's like it wasn't even installed.

But I'm sure I ran it thrice, but the same thing happened.


#18
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Sorry for that; had the same issue myself and will check with ESET on what is going on.
 
In the meantime, let's move to a different scanner.

Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.

  • Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  • Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
  • Once the scanner loads, allow it to check for updates.
  • When the updates are finished, click the BACK button to return to the main menu.
  • Click on SCAN and select Malware Scan to start scanning your system. Please enable the PUA/PUP/PMA detection option.
  • If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in your reply post.
  • Please close the Emergency Kit Scanner program now.
     

#19
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

Done running the scan, here's the report:
 

Emsisoft Emergency Kit - Version 11.0
Last update: 6/17/2016 11:45:04 AM
User account: SUPERLANCE-PC\SONY
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 6/17/2016 11:50:06 AM
 
Scanned 73541
Found 0
 
Scan end: 6/17/2016 11:55:11 AM
Scan time: 0:05:05


Btw, the same pop-up is still showing at startup, if you may ask how my system has been. Thanks.

#20
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

We need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


#21
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • 29 posts

FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by SONY (administrator) on SUPERLANCE-PC (18-06-2016 11:40:41)
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Enigma Software Group USA, LLC.) D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Fast Windows Hider\fwh.exe
(BitTorrent Inc.) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Apple Inc.) D:\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [242552 2013-09-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-01-31] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [461560 2014-07-28] (IVT Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-11-10] (Tonec Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [837632 2015-11-18] (RemoteMouse.net)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Fast Windows Hider] => C:\Program Files (x86)\Fast Windows Hider\fwh.exe [796160 2010-02-04] ()
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [uTorrent] => C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe [1987584 2016-06-10] (BitTorrent Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sh4native Sh4Removal
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2781238C-72DD-4803-89C0-FA08EBDE932C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7E844D01-7B0E-43FD-BA46-4013B6EA446B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected]
FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected] [2016-02-07] [not signed]
FF HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5 [2016-06-17] [not signed]
FF HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2016-06-17]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-06-13]
CHR Extension: (AdBlock) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-05-01]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-18]
CHR Extension: (IDM Integration Module) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2014-07-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3246984 2014-07-28] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2014-07-23] (IVT Corporation)
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [273656 2014-07-23] (IVT Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 cPhoneSDKCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [281456 2014-06-16] (IVT Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2875008 2016-05-28] (AnchorFree Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
R3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29944 2014-06-24] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44152 2014-07-14] (IVT Corporation.)
R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-02] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-09-19] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25440 2013-11-18] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [120520 2013-06-20] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0045.sys [38432 2016-01-21] (SoftEther Corporation)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation) [File not signed]
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-31] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-09-19] (Anchorfree Inc.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 20:00 - 2016-06-17 20:00 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-17 11:40 - 2016-06-17 11:57 - 00000000 ____D C:\EEK
2016-06-17 11:35 - 2016-06-17 11:39 - 238762720 _____ C:\Users\SONY\Desktop\EmsisoftEmergencyKit.exe
2016-06-17 08:51 - 2016-06-17 08:51 - 00245238 _____ C:\Users\SONY\Downloads\[kat.cr]voltron.legendary.defender.s01.web.x264.deflate.ettv.torrent
2016-06-17 08:50 - 2016-06-17 08:50 - 00038191 _____ C:\Users\SONY\Downloads\Gods of Egypt (2016) [720p] [YTS.AG].torrent
2016-06-15 23:05 - 2016-06-15 23:05 - 00030843 _____ C:\Users\SONY\Downloads\Eye in the Sky (2015) [720p] [YTS.AG].torrent
2016-06-15 22:50 - 2016-06-15 22:50 - 00035717 _____ C:\Users\SONY\Downloads\The Finest Hours (2016) [720p] [YTS.AG].torrent
2016-06-15 22:49 - 2016-06-15 22:49 - 00028505 _____ C:\Users\SONY\Downloads\Kung Fu Panda 3 (2016) [720p] [YTS.AG].torrent
2016-06-15 21:22 - 2016-06-15 21:22 - 00004466 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e08.hdtv.x264.killers.ettv.torrent
2016-06-14 15:26 - 2016-06-14 15:26 - 00118387 _____ C:\Users\SONY\Downloads\51DAC0256289674920A46E3DE61E0E3CA7C96106.torrent
2016-06-13 23:19 - 2016-06-13 23:19 - 00000000 ____D C:\Users\SONY\AppData\Local\ESET
2016-06-12 23:56 - 2016-06-12 23:56 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-06-12 23:55 - 2016-06-12 23:55 - 00000000 ____D C:\ProgramData\Intel
2016-06-12 23:55 - 2016-06-12 23:55 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-06-12 23:55 - 2016-06-12 23:55 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-06-12 23:54 - 2016-06-12 23:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\2C0A
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0C0A
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0C04
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0816
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0804
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0424
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041F
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041E
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041D
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\041B
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0419
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0416
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0415
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0414
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0413
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0412
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0411
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0410
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040E
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040D
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040C
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040B
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\040A
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0408
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0407
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0406
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0405
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0404
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Windows\system32\0401
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2016-06-12 23:43 - 2016-06-12 23:43 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2016-06-12 23:42 - 2016-06-12 23:42 - 08137528 _____ (Sony Corporation) C:\Users\SONY\Desktop\EP0000265238.exe
2016-06-12 23:42 - 2016-06-12 23:42 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-06-12 20:25 - 2016-06-12 20:25 - 03677248 _____ C:\Users\SONY\Desktop\AdwCleaner_2.exe
2016-06-12 15:09 - 2016-06-12 15:09 - 03017376 _____ (ESET) C:\Users\SONY\Desktop\eset_smart_security_live_installer.exe
2016-06-12 15:04 - 2016-06-12 15:04 - 06858912 _____ (ESET spol. s r.o.) C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
2016-06-12 14:53 - 2016-06-12 14:53 - 00000756 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-06-12 14:53 - 2016-06-12 14:53 - 00000000 ____D C:\Program Files\Speccy
2016-06-12 14:52 - 2016-06-12 14:52 - 05111240 _____ (Piriform Ltd) C:\Users\SONY\Desktop\spsetup129.exe
2016-06-12 14:46 - 2016-06-12 14:47 - 106360936 _____ (Intel® Corporation) C:\Users\SONY\Desktop\Wireless_18.40.0_PROSet64_Win7.exe
2016-06-11 23:25 - 2016-06-11 23:25 - 00000000 ____D C:\Users\SONY\AppData\Roaming\ATI
2016-06-11 23:25 - 2016-06-11 23:25 - 00000000 ____D C:\Users\SONY\AppData\Local\ATI
2016-06-11 23:25 - 2016-06-11 23:25 - 00000000 ____D C:\ProgramData\ATI
2016-06-11 23:22 - 2016-06-11 23:24 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-11 22:34 - 2016-06-11 22:34 - 00000000 ____D C:\Program Files\ATI
2016-06-11 22:31 - 2016-06-12 23:55 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-11 22:31 - 2016-06-11 22:31 - 00000000 ____D C:\Intel
2016-06-11 22:30 - 2016-06-11 22:30 - 00000429 _____ C:\Users\SONY\Desktop\reply.txt
2016-06-11 22:08 - 2016-06-11 22:09 - 00080963 _____ C:\Users\SONY\Desktop\SUPERLANCE-PC.txt
2016-06-11 22:07 - 2016-06-11 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-11 22:06 - 2016-06-12 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-06-11 19:39 - 2016-06-11 19:39 - 00036265 _____ C:\Users\SONY\Desktop\MTB.txt
2016-06-11 19:24 - 2016-06-11 19:24 - 00001183 _____ C:\Users\SONY\Desktop\Malwarebytes Anti-Malware.txt
2016-06-11 18:56 - 2016-06-11 18:56 - 00002620 _____ C:\Users\SONY\Desktop\AdwCleaner[C1].txt
2016-06-11 18:54 - 2016-06-11 18:54 - 00014493 _____ C:\Users\SONY\Downloads\[kat.cr]malwarebytes.anti.malware.premium.v2.2.0.1024.2016.pre.activated.sweathand.torrent
2016-06-11 18:46 - 2016-06-13 23:11 - 00000000 ____D C:\AdwCleaner
2016-06-11 18:43 - 2016-06-11 18:43 - 00000000 ____D C:\Users\SONY\AppData\Local\CrashRpt
2016-06-11 18:40 - 2016-06-11 18:41 - 00009825 _____ C:\Users\SONY\Desktop\JRT.txt
2016-06-11 18:36 - 2016-06-11 18:36 - 03677248 _____ C:\Users\SONY\Desktop\AdwCleaner.exe
2016-06-11 18:35 - 2016-06-11 18:35 - 01610816 _____ (Malwarebytes) C:\Users\SONY\Desktop\JRT.exe
2016-06-10 09:46 - 2016-06-10 09:49 - 00013949 _____ C:\Users\SONY\Desktop\Fixlog.txt
2016-06-08 19:06 - 2016-06-18 11:40 - 00020777 _____ C:\Users\SONY\Desktop\FRST.txt
2016-06-08 19:06 - 2016-06-18 11:40 - 00000000 ____D C:\Users\SONY\Desktop\FRST-OlderVersion
2016-06-07 13:03 - 2016-06-07 13:03 - 450433116 _____ C:\Windows\MEMORY.DMP
2016-06-07 13:03 - 2016-06-07 13:03 - 00000000 ____D C:\Windows\Minidump
2016-06-07 08:58 - 2016-06-07 08:58 - 00002173 _____ C:\Users\SONY\Desktop\aswMBR.txt
2016-06-07 08:58 - 2016-06-07 08:58 - 00000512 _____ C:\Users\SONY\Desktop\MBR.dat
2016-06-07 08:44 - 2016-06-18 11:40 - 00000000 ____D C:\FRST
2016-06-07 08:44 - 2016-06-07 08:44 - 05200384 _____ (AVAST Software) C:\Users\SONY\Desktop\aswmbr.exe
2016-06-07 08:43 - 2016-06-18 11:40 - 02386944 _____ (Farbar) C:\Users\SONY\Desktop\FRST64.exe
2016-06-07 08:21 - 2016-06-07 08:21 - 00000000 ____D C:\ProgramData\TEMP
2016-06-06 10:08 - 2016-06-06 10:08 - 00019844 _____ C:\Users\SONY\Downloads\[kat.cr]zootopia.2016.720p.bluray.950mb.shaanig.torrent
2016-06-06 10:06 - 2016-06-06 10:06 - 00017689 _____ C:\Users\SONY\Downloads\[kat.cr]just.the.3.of.us.2016.hdrip.buhaypirata.torrent
2016-06-06 07:52 - 2016-06-06 07:52 - 00000000 ____D C:\Users\SONY\Documents\Wondershare
2016-06-05 17:14 - 2016-06-05 17:14 - 00003284 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-06-05 17:14 - 2016-06-05 16:41 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
2016-06-05 17:13 - 2016-06-05 17:13 - 00036669 _____ C:\spyhunter.fix
2016-06-05 16:40 - 2016-06-05 16:40 - 00013514 _____ C:\Users\SONY\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood (1).torrent
2016-06-05 16:36 - 2016-06-05 16:36 - 00013514 _____ C:\Users\SONY\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood.torrent
2016-06-05 12:59 - 2016-06-13 18:56 - 00017687 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 21.xlsx
2016-06-05 12:59 - 2016-06-06 09:04 - 00016464 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 22.xlsx
2016-06-05 09:30 - 2016-06-06 09:04 - 00014828 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal (sa Al Falah) 2016 - Week 20.xlsx
2016-06-05 09:26 - 2016-06-05 09:26 - 00028024 _____ C:\Users\SONY\Downloads\Resumen ng Ibang Lokal 10, 12 & 13 (AM & PM) May'16.xlsx
2016-06-03 12:04 - 2016-06-03 12:04 - 00068143 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.smackdown.2016.06.02.hdtv.x264.ebi.tjet.torrent
2016-06-03 11:09 - 2016-06-03 11:09 - 00000000 ____D C:\Users\SONY\AppData\Local\Macroplant_LLC
2016-06-03 11:06 - 2016-06-03 11:06 - 00000000 ____D C:\Users\SONY\AppData\LocalLow\Apple Computer
2016-06-03 10:32 - 2016-06-03 10:32 - 00001440 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-03 10:32 - 2016-06-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-03 10:31 - 2016-06-03 10:31 - 00000000 ____D C:\Program Files\iPod
2016-06-03 10:28 - 2016-06-03 10:28 - 00015746 _____ C:\Users\SONY\Downloads\5c8bce4edc71150bd8b90161b4e2c4951b3e9132-Fullmetal-Alchemist-[1-51-Complete-Dubbed] (1).torrent
2016-06-03 09:21 - 2016-06-12 19:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 09:20 - 2016-06-11 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-03 09:20 - 2016-06-11 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-03 09:20 - 2016-06-03 09:20 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-03 09:20 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 09:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 09:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-03 00:08 - 2016-06-03 00:08 - 00000020 ___SH C:\Users\SONY\ntuser.ini
2016-06-02 21:18 - 2016-06-02 21:18 - 00000000 _____ C:\autoexec.bat
2016-06-02 21:16 - 2016-06-02 21:16 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-02 20:46 - 2016-06-02 20:46 - 00000000 ____D C:\Users\SONY\AppData\Roaming\www.shadowexplorer.com
2016-06-02 20:28 - 2016-06-02 20:28 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-02 20:25 - 2016-06-02 20:25 - 49152216 _____ (Microsoft Corporation) C:\Users\SONY\Desktop\Windows-KB890830-x64-V5.36.exe
2016-06-02 20:24 - 2016-06-02 20:24 - 00000000 ____D C:\ProgramData\ESET
2016-06-02 20:17 - 2016-06-02 20:17 - 00012380 _____ C:\Users\Default\# DECRYPT MY FILES #.html
2016-06-02 20:17 - 2016-06-02 20:17 - 00010509 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-06-02 20:17 - 2016-06-02 20:17 - 00000216 _____ C:\Users\Default\# DECRYPT MY FILES #.vbs
2016-06-02 20:17 - 2016-06-02 20:17 - 00000085 _____ C:\Users\Default\# DECRYPT MY FILES #.url
2016-06-02 19:54 - 2016-06-02 19:54 - 00003636 _____ C:\Windows\System32\Tasks\newdev
2016-06-01 23:12 - 2016-06-01 23:12 - 00020250 _____ C:\Users\SONY\Downloads\[kat.cr]love.is.blind.2016.hdrip.720p.x264.rsg.torrent
2016-06-01 23:11 - 2016-06-01 23:11 - 00023319 _____ C:\Users\SONY\Downloads\[kat.cr]beauty.and.the.bestie.2015.hdrip.x264.rsg.torrent
2016-06-01 23:11 - 2016-06-01 23:11 - 00022995 _____ C:\Users\SONY\Downloads\[kat.cr]all.you.need.is.pag.ibig.2015.hdrip.720p.x264.rsg.torrent
2016-06-01 23:10 - 2016-06-01 23:10 - 00027002 _____ C:\Users\SONY\Downloads\[kat.cr]the.prenup.2015.hdrip.720p.x264.rsg.torrent
2016-06-01 07:28 - 2016-06-01 07:28 - 00132007 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.2016.05.30.hdtv.x264.overtime.rartv.torrent
2016-05-30 20:41 - 2016-05-30 20:41 - 00173825 _____ C:\Users\SONY\Downloads\[kat.cr]ufc.fight.night.88.web.dl.h264.fight.bb.torrent
2016-05-30 20:40 - 2016-05-30 20:40 - 00004130 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e06.hdtv.x264.killers.ettv.torrent
2016-05-27 09:36 - 2016-05-27 09:36 - 00000000 _____ C:\Windows\maraes
2016-05-25 13:04 - 2016-05-25 13:04 - 00003469 _____ C:\Users\SONY\Downloads\63C89D7F5A4EE4574194376746CCFE0ADA0976F1.torrent
2016-05-24 16:22 - 2016-05-24 16:22 - 00020944 _____ C:\Users\SONY\Downloads\[kat.cr]gfrevenge.ava.taylor.screen.shot.torrent
2016-05-24 16:21 - 2016-05-24 16:21 - 00057871 _____ C:\Users\SONY\Downloads\[kat.cr]ava.taylor.2015.hd.720p.torrent
2016-05-24 16:17 - 2016-05-24 16:17 - 00044719 _____ C:\Users\SONY\Downloads\[kat.cr]teenslovemoney.ava.taylor.windy.city.snatch.07.08.2014.torrent
2016-05-24 16:17 - 2016-05-24 16:17 - 00017175 _____ C:\Users\SONY\Downloads\[kat.cr]tiny4k.ava.taylor.tiny.latina.07.01.2014.torrent
2016-05-24 16:16 - 2016-05-24 16:16 - 00016195 _____ C:\Users\SONY\Downloads\[kat.cr]povd.ava.taylor.in.loft.[bleep]ing.torrent
2016-05-24 16:15 - 2016-05-24 16:15 - 00114217 _____ C:\Users\SONY\Downloads\[kat.cr]exploited18.14.03.12.ava.taylor.xxx.1080p.mp4.ktr.torrent
2016-05-24 16:13 - 2016-05-24 16:13 - 00009632 _____ C:\Users\SONY\Downloads\[kat.cr]cfnmteens.ava.taylor.vacation.time.office.quickie.torrent
2016-05-24 16:10 - 2016-05-24 16:10 - 00011604 _____ C:\Users\SONY\Downloads\[kat.cr]therealworkout.ava.taylor.sorry.about.your.balls.torrent
2016-05-24 09:54 - 2016-05-24 09:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-24 09:42 - 2016-05-24 09:42 - 00000000 ____D C:\Users\SONY\Tracing
2016-05-24 09:41 - 2016-05-24 09:41 - 00000000 ____D C:\Users\SONY\AppData\Local\bluesoleil voip
2016-05-24 09:38 - 2016-05-24 09:38 - 00118613 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.23.2016.hdtv.x264.fmn.tjet.torrent
2016-05-24 09:36 - 2016-05-24 09:36 - 00169083 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.raw.05.23.2016.720p.hdtv.x264.fmn.tjet.torrent
2016-05-23 15:39 - 2016-05-23 15:39 - 00004723 _____ C:\Users\SONY\Downloads\[kat.cr]game.of.thrones.s06e05.hdtv.x264.killers.ettv.torrent
2016-05-23 11:56 - 2016-05-23 11:56 - 00180829 _____ C:\Users\SONY\Downloads\[kat.cr]wwe.extreme.rules.2016.ppv.web.h264.heel.tjet.torrent
2016-05-20 21:09 - 2016-05-20 21:09 - 00016865 _____ C:\Users\SONY\Downloads\60de7fc58c58e6f59ca33bdcace82c35be959a9b-Trigun-Complete-[Dual].torrent
2016-05-20 01:13 - 2016-05-20 01:13 - 00015746 _____ C:\Users\SONY\Downloads\5c8bce4edc71150bd8b90161b4e2c4951b3e9132-Fullmetal-Alchemist-[1-51-Complete-Dubbed].torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-18 11:41 - 2016-05-16 10:00 - 00000000 ____D C:\Users\SONY\AppData\Roaming\uTorrent
2016-06-18 11:41 - 2015-11-10 22:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-18 11:00 - 2015-11-10 22:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-18 05:41 - 2015-11-10 22:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-18 04:49 - 2015-11-10 22:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 04:49 - 2015-11-10 22:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 20:00 - 2015-11-10 22:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 20:00 - 2015-11-10 22:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 20:00 - 2015-11-10 22:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 13:19 - 2015-11-10 22:40 - 00000000 ____D C:\Users\SONY\AppData\Roaming\vlc
2016-06-17 11:42 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\AppData\Roaming\DMCache
2016-06-17 08:34 - 2009-07-14 08:45 - 00031152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 08:34 - 2009-07-14 08:45 - 00031152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 08:31 - 2014-07-28 17:39 - 00001628 _____ C:\Windows\SysWOW64\bscs.ini
2016-06-17 08:28 - 2016-02-07 23:04 - 00006493 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2016-06-17 08:28 - 2016-02-07 23:04 - 00000105 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2016-06-17 08:27 - 2015-11-10 22:40 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-06-17 08:26 - 2009-07-14 09:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 08:26 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-16 21:52 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\inf
2016-06-13 07:24 - 2009-07-14 09:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 23:56 - 2016-05-14 10:17 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Intel
2016-06-12 23:55 - 2016-05-14 10:16 - 00000000 ____D C:\Program Files\Intel
2016-06-12 23:43 - 2016-02-24 18:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-12 23:43 - 2011-04-12 12:17 - 00000000 ____D C:\Windows\system32\0409
2016-06-12 20:30 - 2016-01-21 23:54 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-06-11 23:54 - 2015-11-10 22:14 - 00000000 ____D C:\Users\SONY
2016-06-11 23:52 - 2016-02-07 23:01 - 00000000 ____D C:\Users\SONY\AppData\Local\bluesoleil
2016-06-11 23:52 - 2016-01-21 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2016-06-11 23:52 - 2016-01-21 23:29 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\Program Files\TAP-Windows
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-06-11 23:52 - 2015-11-13 15:21 - 00000000 ____D C:\Program Files (x86)\betternet
2016-06-11 23:52 - 2015-11-10 22:22 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-06-11 23:51 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2016-06-11 23:33 - 2016-02-24 18:53 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-06-10 10:08 - 2016-05-14 10:02 - 00000000 ____D C:\Windows\AutoKMS
2016-06-08 19:00 - 2009-07-14 08:45 - 00414656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-08 08:02 - 2015-11-11 00:35 - 00108840 _____ C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 23:22 - 2016-02-02 23:30 - 00000000 ____D C:\ProgramData\Adobe
2016-06-07 23:16 - 2016-01-21 23:27 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-06-06 12:49 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\Downloads\Video
2016-06-05 13:44 - 2016-02-06 20:37 - 00000573 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2016-06-05 09:24 - 2016-05-14 10:03 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-06-03 11:03 - 2015-11-21 17:44 - 00000000 ____D C:\Users\SONY\AppData\Roaming\WinRAR
2016-06-03 10:31 - 2016-04-15 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-03 10:31 - 2015-11-13 11:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 10:24 - 2016-05-16 18:07 - 00000000 ____D C:\Users\SONY\Downloads\Daimos
2016-06-03 10:24 - 2016-05-15 15:34 - 00000000 ____D C:\Users\SONY\AppData\Roaming\HYXDevPsnList
2016-06-03 10:24 - 2016-05-14 11:05 - 00000000 ____D C:\Users\SONY\Documents\Kalihiman
2016-06-03 10:24 - 2016-02-24 19:58 - 00000000 ____D C:\Users\SONY\AppData\Roaming\InputMapper
2016-06-03 10:24 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\Downloads\Compressed
2016-06-03 10:24 - 2015-11-13 13:50 - 00000000 ____D C:\Users\SONY\AppData\Roaming\IDM
2016-06-03 10:24 - 2015-11-13 13:48 - 00000000 ____D C:\Users\SONY\Downloads\Internet Download Manager (IDM) 6.25 Build 3 Registered (32bit + 64bit Patch) [CrackingPatching]
2016-06-03 10:24 - 2015-11-10 22:40 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Skype
2016-06-03 10:10 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\Web
2016-05-29 08:23 - 2015-11-10 22:40 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 13:26 - 2016-01-21 23:54 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-05-24 09:58 - 2016-02-02 23:32 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-24 09:53 - 2016-02-02 23:27 - 00000000 ____D C:\Users\SONY\Desktop\Adobe Acrobat XI
 
==================== Files in the root of some directories =======
 
2007-08-17 03:00 - 2007-08-17 03:00 - 0001669 _____ () C:\Users\SONY\AppData\Roaming\CranageInadvertency.LLw
1994-03-11 04:00 - 1994-03-11 04:00 - 0053252 _____ () C:\Users\SONY\AppData\Roaming\Introvert.J
1986-03-18 04:00 - 1986-03-18 04:00 - 0002274 _____ () C:\Users\SONY\AppData\Roaming\PrivetOdor.SXy
1992-04-05 03:00 - 1992-04-05 03:00 - 0049764 _____ () C:\Users\SONY\AppData\Roaming\RedeAria.FHs
2013-05-27 03:00 - 2013-05-27 03:00 - 0049883 _____ () C:\Users\SONY\AppData\Roaming\Submersible.rFx
2012-06-16 03:00 - 2012-06-16 03:00 - 0002267 _____ () C:\Users\SONY\AppData\Roaming\Temporary.5
2015-11-15 18:18 - 2015-11-15 18:18 - 0000017 _____ () C:\Users\SONY\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\Default\# DECRYPT MY FILES #.vbs
 
 
Some files in TEMP:
====================
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 00:23
 
==================== End of FRST.txt ============================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by SONY (2016-06-18 11:41:57)
Running from C:\Users\SONY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-11-10 18:14:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2633912966-161357401-2138039649-500 - Administrator - Disabled)
Guest (S-1-5-21-2633912966-161357401-2138039649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633912966-161357401-2138039649-1002 - Limited - Enabled)
SONY (S-1-5-21-2633912966-161357401-2138039649-1000 - Administrator - Enabled) => C:\Users\SONY
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\uTorrent) (Version: 3.4.8.42382 - BitTorrent Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Betternet (HKLM-x32\...\Betternet) (Version:  - )
BlueSoleil 10.0.479.1 (HKLM\...\{9453A661-550D-4FB9-BC91-3C1EEDF2ABDB}) (Version: 10.0.479.1 - IVT Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Fast Windows Hider 3.9 (HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Fast Windows Hider) (Version: 3.9 - Hidetools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotspot Shield 5.20.22 Embedded (x32 Version: 5.20.22.9384 - Buildbot) Hidden
IDM Patch 6.25 build 03 (HKLM-x32\...\IDM Patch 6.25 build 03) (Version: build 03 - SandySeedings Team)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Remote Mouse version 2.702 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.702 - Remote Mouse)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
SMADAV version 10.3.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 10.3.1 - SmadSoft)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (12/29/2009 8.0.0.279) (HKLM\...\BADC2853BAE2C2BA5C60113ADD1F3A253131BAAD) (Version: 12/29/2009 8.0.0.279 - Atheros Communications Inc.)
Windows Driver Package - Marvell (yukonw7) Net  (04/16/2010 11.25.2.3) (HKLM\...\75E14D32AED1E199C9067D18261BF018CF8790C6) (Version: 04/16/2010 11.25.2.3 - Marvell)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {313A7B69-2B86-4E5A-8059-7A9358D199A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {344C2CC2-D7F1-42E7-838F-7BA2A6207E5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4A6B2C31-DA73-4BEA-8DE1-0C68E395B6D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {7C01B44C-A1C9-4902-A904-90E05D79241F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {8CBF722D-75D4-4372-AF6C-8ADA8506E657} - System32\Tasks\SpyHunter4Startup => D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe [2016-06-05] (Enigma Software Group USA, LLC.)
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
Task: {F1649DBA-F2EC-4707-81E9-A7E468FDA95D} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-23 16:02 - 2014-07-23 16:02 - 00268536 _____ () C:\Windows\system32\IVTCredentialProvider.DLL
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\system32\BsTrace.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\System32\BsTrace.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-11-10 22:30 - 2015-01-30 17:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-02-04 12:26 - 2010-02-04 12:26 - 00796160 _____ () C:\Program Files (x86)\Fast Windows Hider\fwh.exe
2014-06-16 17:01 - 2014-06-16 17:01 - 00353792 _____ () C:\Windows\system32\cPhoneSDK.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00086528 _____ () C:\Windows\system32\cPhoneSDKTL.dll
2014-06-16 17:01 - 2014-06-16 17:01 - 00194048 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\InstallApkWithcPhone.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00075512 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00019704 _____ () C:\Windows\system32\BsMobileCSps.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00313656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2014-07-25 10:11 - 2014-07-25 10:11 - 00367352 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00031480 _____ () C:\Windows\SysWow64\BsHelpCSps.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00813816 _____ () C:\Windows\SysWow64\BlueSoleilCSps.dll
2014-07-04 09:31 - 2014-07-04 09:31 - 00035672 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Driver\USB\btcusb.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00236280 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BaseLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00056056 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\ExtraLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00048376 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\cscvt.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00016632 _____ () C:\Windows\SysWOW64\BsMobileCSps.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00039672 _____ () C:\Windows\SysWOW64\cPhoneSDKCSps.dll
2016-05-28 04:08 - 2016-05-28 04:08 - 00166528 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00162552 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00126200 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\s40pack.dll
2016-05-15 15:34 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-05-15 15:34 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-06-09 01:44 - 2016-06-04 05:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-09 01:44 - 2016-06-04 05:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 17:56 - 2015-04-13 17:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00084928 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00034752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00961472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 01303488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-04-13 17:57 - 2015-04-13 17:57 - 00088512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00363456 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2015-04-13 18:00 - 2015-04-13 18:00 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00772544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00702400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00125376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00064448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00030656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2015-04-13 17:58 - 2015-04-13 17:58 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 17:59 - 2015-04-13 17:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 06:34 - 2016-06-07 08:22 - 00000283 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1                   systweak.com
127.0.0.1                   updateservice1.systweak.com
127.0.0.1                   www.systweak.com
127.0.0.1                   systemspeedup.systweak.com
127.0.0.1                   systweak.com/STCheckGenuineness
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{619DF3A2-EA35-4571-81A0-2AEBA500562F}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A050DB11-C8F2-42E4-A024-253474A426C3}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F0B0552-AD79-4C9F-B54E-D434B9A46810}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07C158E1-62E5-4C25-8E87-D000135A880B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9204912D-F6DE-4E1A-A787-4A113F4BC842}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{74C7BCBE-CBCA-4096-96AD-9E17160CD78C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3288C64-3691-4B55-9AF0-B439C9548610}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{A18A3C48-DC92-4A75-B522-6760A7182279}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{5EEB583E-255E-49C3-9D80-DD98C6A75A5E}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{2482429A-F30A-49CA-A394-834D461B1235}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{05E02943-E1E5-4BD9-BEA3-E0890417FE26}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{5D1A0CBC-F00D-46E5-BD29-CEBAF22D9780}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{C35F0EEA-FDE1-407F-8FA0-E1C56F1FE121}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{C7206E1F-FF68-476E-A4AD-8CD20AA540AC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{CE92CA78-3926-4BA1-AB58-8CED6B38DAE2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{F0C0ADE4-3F60-4215-B537-FA226D85ECF2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{1C049B5F-5ED4-4339-90E7-1B56BB008284}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{BF76EA96-C3DE-4AA1-B1DE-2BA745FA9CA5}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{8CF2DFE8-6221-4EE3-BB49-7743D5ADD51E}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{549FF6BA-2C88-4D63-A42A-F6785E9AF9A1}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{2810A731-9980-40A8-B33F-234700808FD1}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{2F555E2B-A281-4DA7-A84D-DAA0C5312407}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [TCP Query User{6F6FA86C-A174-427D-884E-7863EDB4D1B9}C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{CA5D7E1E-008C-436A-9B8F-8C5020EEE2C1}C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{566FDAA8-E9A4-44AA-9E21-628F491F8257}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8689E4BF-0CFE-4F55-9C0F-C4AFA0090686}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9598C890-8B65-4762-AF79-B452A24C4962}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1FFDDED-D56E-4964-B70B-220CDEC63208}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9134A64F-480B-4C7A-A065-74426A29F0DC}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3EF3BC81-D276-4050-B020-929C0C77F882}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{96B3F11B-5AA5-48E5-AA54-6247BFE1D997}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{379BB141-FDF8-4D2B-BA79-35F4E1EA6F03}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
FirewallRules: [{8EA9652F-9DAC-46CB-AB4F-AE7BC881A15D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{716DB2A2-2355-4156-AC8D-4F27E25BA2C4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AEBD48FC-A853-428D-9922-64A4719C19CD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A512545D-B014-4B72-907B-FDCC80BE0BFE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{653360F2-59AC-4763-BFCA-8C201AD929E5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{32242E73-6F2F-4A02-9757-7A87A6C63B6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{ACBBC1A7-0B56-4375-BE10-864DEDE455D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-06-2016 09:47:00 Restore Point Created by FRST
10-06-2016 10:04:47 Restore Operation
11-06-2016 18:37:44 JRT Pre-Junkware Removal
11-06-2016 23:47:18 Restore Operation
12-06-2016 23:42:50 Installed Renesas Electronics USB 3.0 Host Controller Driver
12-06-2016 23:45:32 Removed Intel® PROSet/Wireless WiFi Software.
12-06-2016 23:53:40 Intel® PROSet/Wireless Software
 
==================== Faulty Device Manager Devices =============
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: IVT_Virtual_0000
Description: IVT_Virtual_0000
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 08:26:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2016 09:48:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c7c
 
Start Time: 01d1c7e8ebb396d3
 
Termination Time: 484
 
Application Path: C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
 
Report Id:
 
Error: (06/16/2016 12:30:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/16/2016 12:30:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/16/2016 12:30:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/16/2016 12:30:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (06/15/2016 10:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2016 07:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20e0
 
Start Time: 01d1c6ed6fd05375
 
Termination Time: 49
 
Application Path: C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
 
Report Id:
 
Error: (06/15/2016 02:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 28c8
 
Start Time: 01d1c6e312675878
 
Termination Time: 159
 
Application Path: C:\Users\SONY\Desktop\esetonlinescanner_enu.exe
 
Report Id:
 
Error: (06/13/2016 12:39:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
 
System errors:
=============
Error: (06/17/2016 08:25:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/16/2016 08:07:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:07:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:07:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:06:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/16/2016 08:06:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SONY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/16/2016 08:06:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
 
CodeIntegrity:
===================================
  Date: 2016-05-14 09:39:52.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 09:05:06.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 08:57:17.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 22:50:53.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 22:05:58.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:54:26.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:45:44.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 16:05:22.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 15:04:49.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 09:48:51.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 78%
Total physical RAM: 4007.2 MB
Available physical RAM: 874.88 MB
Total Virtual: 8012.61 MB
Available Virtual: 4300.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.87 GB) (Free:87.26 GB) NTFS
Drive d: () (Fixed) (Total:318.79 GB) (Free:296.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E861DA86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=318.8 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 



#22
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

  • Download SecurityCheck by glax24 here and save the utility to your Desktop.
  • Double-click it (for Windows XP users) or right-click and choose Run As Administrator (for Windows Vista/7 users).
  • Do not let your Firewall block the utility if it shows any warnings.
  • Wait for the scan to finish. The log SecurityCheck.txt will open in Notepad.
  • If you close Notepad, you can find the log in the SecurityCheck folder in the system root, for example C:\SecurityCheck\SecurityCheck.txt
  • Copy its contents to your next post.


#23
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • 29 posts
SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 19.06.2016 15:33:25
Path starting: C:\Users\SONY\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: SONY
VersionXML: 3.09is-18.06.2016
___________________________________________________________________________
 
Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409)
Installation date OS: 10.11.2015 18:14:48
LicenseStatus: Windows® 7, Professional edition Volume activation will expire : 238680 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [146.9 Gb] Used: [59.7 Gb] Free: [87.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 8.0.7601.17514 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatic Updates disabled
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.4763.1000
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and out of date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.00 beta 6 (64-bit) v.5.00.6 Warning! Download Update
VLC media player v.2.2.1 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Hotspot Shield 5.20.22 Embedded v.5.20.22.9384 Warning! This app can show ads.
Hotspot Shield Service (hshld) - The service is running
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.8.42382 Warning! P2P-client.
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.4.1.6
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 ActiveX v.22.0.0.192
Adobe Flash Player 22 NPAPI v.22.0.0.192
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.103
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.84
------------------ [ AntivirusFirewallProcessServices ] -------------------
MBAMScheduler (MBAMScheduler) - The service has stopped
MBAMService (MBAMService) - The service has stopped
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
D:\New Downloaded Files\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe v.4.21.10.4585
----------------------------- [ End of Log ] ------------------------------

  • 0

#24
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Download the attached fixlist.txt file and save it to the Desktop.  ==>>  Attached File  Fixlist.txt   3.98KB   172 downloads

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


  • 0

#25
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • 29 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by SONY (2016-06-20 14:51:17) Run:2
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY (Available Profiles: SONY)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
Unlock: HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
Unlock: C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
C:\Users\SONY\AppData\Local\Itpksoft
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\MountPoints2: {8eca3634-e5f6-11e5-8e9d-90004e9b9afd} - G:\Lenovo_Suite.exe
Toolbar: HKU\S-1-5-21-2633912966-161357401-2138039649-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-18]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe [X]
C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
C:\Windows\system32\drivers\efavdrv.sys
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\SONY\AppData\Local\Temp\certmgr.exe
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE
C:\Users\SONY\AppData\Local\Temp\hss_update.exe
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
C:\Users\SONY\Downloads\Compressed\DS4Windows_2
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79 => value removed successfully
HKU\Unlock: S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Unlock: Acjworks => value not found.
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acjworks => value removed successfully
"C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll" => not found.
"C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll" => not found.
"C:\Users\SONY\AppData\Local\Itpksoft" => not found.
"HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eca3634-e5f6-11e5-8e9d-90004e9b9afd}" => key removed successfully
HKCR\CLSID\{8eca3634-e5f6-11e5-8e9d-90004e9b9afd} => key not found. 
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => not found.
Chrome Session Restore: => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
"C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => not found.
C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
HssTrayService => service removed successfully
WsDrvInst => service removed successfully
"C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE" => not found.
"C:\Program Files (x86)\Wondershare\SafeEraser\DriverInstall.exe" => not found.
efavdrv => service removed successfully
"C:\Windows\system32\drivers\efavdrv.sys" => not found.
C:\Users\Default\# DECRYPT MY FILES #.vbs => moved successfully
C:\Users\SONY\AppData\Local\Temp\certmgr.exe => moved successfully
C:\Users\SONY\AppData\Local\Temp\GLF71DD.EXE => moved successfully
C:\Users\SONY\AppData\Local\Temp\GLF7F60.EXE => moved successfully
C:\Users\SONY\AppData\Local\Temp\hss_update.exe => moved successfully
C:\Users\SONY\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C9EF939B-5B04-4DA6-B71B-9721D9651B04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9EF939B-5B04-4DA6-B71B-9721D9651B04}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50}" => key removed successfully
C:\Windows\System32\Tasks\newdev => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\newdev" => key removed successfully
"C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFD39FC8-C264-485A-9F85-5AC6986EC6E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFD39FC8-C264-485A-9F85-5AC6986EC6E1}" => key removed successfully
C:\Windows\System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC3453B8-21D7-43FE-86C0-29531ECD6A70}" => key removed successfully
C:\Users\SONY\Downloads\Compressed\DS4Windows_2 => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10603974 B
Java, Flash, Steam htmlcache => 1271 B
Windows/system/drivers => 2406635 B
Edge => 0 B
Chrome => 325315579 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82612 B
systemprofile32 => 336283 B
LocalService => 66228 B
NetworkService => 10662 B
SONY => 1177262644 B
 
RecycleBin => 215075 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:53:57 ====

  • 0
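
Added example (not part of the original thread and not FRST's own code): the fixlist above removes a per-user Run value that has regsvr32.exe load a DLL from AppData, plus scheduled tasks pointing into the user profile. This sketch parses those FRST-style lines, copied from the Fixlog above, and flags that pattern; the list of "user-writable" folders and the inclusion of rundll32.exe are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the fixlist content in the Fixlog above (FRST scan-line format).
SAMPLE_LINES = r"""
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
HKU\S-1-5-21-2633912966-161357401-2138039649-1000\...\Run: [Acjworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\SONY\AppData\Local\Itpksoft\hmzmicsd.dll
Task: {C9EF939B-5B04-4DA6-B71B-9721D9651B04} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DA84BEB0-85B4-4E80-8875-2E2B9C9E1F50} - System32\Tasks\newdev => C:\Users\SONY\AppData\Roaming\{B48A451A-18BC-FC82-BAAB-3811A90BF5E1}\newdev.exe
Task: {DFD39FC8-C264-485A-9F85-5AC6986EC6E1} - System32\Tasks\{CC3453B8-21D7-43FE-86C0-29531ECD6A70} => C:\Users\SONY\Downloads\Compressed\DS4Windows_2\DS4Windows.exe [2015-12-17] ()
""".strip().splitlines()

# "<hive>\...\Run: [ValueName] => command line"
RUN_RE = re.compile(r"^(?P<key>HK\w+\\.+?\\Run): \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
# "Task: {GUID} - task path => command line"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.+)$")
# Trailing "[size date] (Company)" metadata that FRST appends to some lines.
TRAILER_RE = re.compile(r"\s+\[[^\]]*\]\s*\([^)]*\)\s*$")
# Paths are unquoted and may contain spaces, so split at the first ".exe".
IMAGE_RE = re.compile(r"^(?P<image>.*?\.exe)(?:\s+(?P<args>.+))?$", re.IGNORECASE)
# Assumption of this example: profile folders a standard user can write to.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\", re.IGNORECASE
)
# regsvr32.exe is the loader seen in this thread; rundll32.exe is added here
# because it can load a DLL from a command line in the same way.
PROXY_LOADERS = {"regsvr32.exe", "rundll32.exe"}


class Finding(NamedTuple):
    source: str            # "Run" or "Task"
    name: str              # registry value name or task path
    image: str             # executable that autostarts
    module: Optional[str]  # DLL handed to the loader, if any
    reason: str


def parse_entry(line: str):
    """Return (source, name, image, args) for a Run or Task line, else None."""
    line = line.strip()
    for source, rx in (("Run", RUN_RE), ("Task", TASK_RE)):
        m = rx.match(line)
        if not m:
            continue
        cmd = TRAILER_RE.sub("", m.group("cmd")).strip()
        im = IMAGE_RE.match(cmd)
        if im is None:
            return None
        return source, m.group("name"), im.group("image"), im.group("args")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Flag autostart entries whose code lives in a user-writable folder."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        source, name, image, args = entry
        loader = ntpath.basename(image).lower()
        if loader in PROXY_LOADERS and args:
            # Drop leading switches such as /s or /i before the module path.
            module = re.sub(r"^(?:/\S+\s+)*", "", args).strip('"')
            if USER_WRITABLE_RE.match(module):
                findings.append(Finding(
                    source, name, image, module,
                    "system loader is given a module in a user-writable path"))
                continue
        if USER_WRITABLE_RE.match(image):
            findings.append(Finding(
                source, name, image, None,
                "autostart image lives in a user-writable path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.source}] {f.name}: {f.reason}\n    {f.module or f.image}")
```

A hit is a lead for review, not a verdict: the DS4Windows task is flagged only because it runs from Downloads, while the AutoKMS task under C:\Windows is not matched by this path check at all.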

#26
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Are you still seeing the error at start up?


  • 0

#27
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • 29 posts

Hello,

First of all, let me say thank you for your help; you've been very patient with me regarding my system's problem.

So far, after running that fix, I guess it cleared all of those nasty unwanted pop-ups.

I really appreciate what you've done here.

Thanks dbreeze!

And to the whole geekstogo gang!

You Guys Rock!

Regards,

Lance

 


  • 0

#28
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time. You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

  • Download Delfix from here or here to your desktop and double click it to start the program.
  • Ensure Remove disinfection tools is ticked. Also tick:
      • Activate UAC
      • Create registry backup
      • Purge system restore
      • Reset system settings
  • Click Run.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 0

#29
Lance Cabrera Fajardo

    Member

  • Topic Starter
  • Member
  • 29 posts

WOAH!

You're so good, my friend.

I thought you'd only fix/solve my problems, but now you've given me a lot of insights about my PC.

You've given me a couple of useful programs which I think would be really helpful in giving me a worry-free PC.

Ok, first,

ESET was already uninstalled before.

Next,

Here's the log for the Delfix:
 

# DelFix v1.013 - Logfile created 22/06/2016 at 12:22:42
# Updated 17/04/2016 by Xplode
# Username : SONY - SUPERLANCE-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\Users\SONY\Desktop\FRST-OlderVersion
Deleted : C:\Users\SONY\Desktop\AdwCleaner.exe
Deleted : C:\Users\SONY\Desktop\AdwCleaner_2.exe
Deleted : C:\Users\SONY\Desktop\aswmbr.exe
Deleted : C:\Users\SONY\Desktop\FRST64.exe
Deleted : C:\Users\SONY\Desktop\JRT.exe
Deleted : C:\Users\SONY\Desktop\MBR.dat
Deleted : C:\Users\SONY\Desktop\SecurityCheck.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


Next,

I have to admit, previously I turned off my Windows Update, because sometimes I thought it was just annoying, and a few other times before, after a certain Windows update, my PC suddenly got slower and sometimes my only option was to restore it. Since I'm not a techie guy, I thought that Windows updates were messing with my PC more than helping it, so I turned it off. But now, with your advice, I think I'll just leave it ON and let it do its job.

Next,

I have never been a fan of Java, so I was not installing it, because I heard of a couple of problems that were attached to it. So we're clear with this one.

Next,

Before, I was installing Adobe Acrobat (but only the pirated ones), so I thought I was fine with that, but I think it was that same software that got me into trouble, so instead of using it and the Adobe Reader, I'll just use what you've suggested; I've installed Sumatra PDF, and it seems pretty decent for free software, so HUGE THANKS for that!

Next,

I downloaded, installed and tried Heimdal Free. It shows that my installed software is all up to date, but it's still good to know that I have this kind of app which I can use to check the status of the currently installed programs on my PC.

Now, here's a tricky one.

In January this year my original hard drive (C:) was corrupted, so I had no choice but to replace it. An IT friend of mine installed it and provided the other software that my PC needed.

So here's my QUESTION:
He then installed SMADAV as my antivirus; previously, I think I was using Avast or something. As I've mentioned, not being a techie guy, I thought having this current antivirus was OK, but since you're the expert, what are your thoughts on this?
Should I keep this SMADAV, or try what you've suggested:

"First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus"

Next,

I've checked, and my Windows Firewall is turned on, so I think I have no more questions about this.

Next,

Unchecky, Done, Downloaded and Installed.

Next,

Here's another tricky one. I wasn't aware before of this ransomware and this kind of BS (pardon me), so I think most of my issues started when I became a victim of one of these ransomware a few months ago.
As far as I can recall, I was browsing, then suddenly a pop-up message came up, and when I checked my files, all of them or most of them were DECRYPTED: Word, Excel, PDF, music files, images etc.
I tried to look online for any solutions to that issue, but came up hopeless. As I read, I shouldn't buy that silly software just to decrypt my files, so I didn't, but I couldn't retrieve all of my files, so I had no choice but to give up and delete ALL, I mean all of my files.
It was a very unfortunate incident, and I wish I had never become a victim of that malware/ransomware.
So right now, suggesting/giving me this CryptoPrevent might just actually help me in the future, in the hope of not being victimized by this kind of virus/malware.

Lastly,

I already have MalwareBytes Antimalware, and I'm using Chrome as my browser instead of Firefox, so I guess that would be all.

Again, lots of thanks and appreciation to you, my friend.
Sorry for my other concerns,
and thanks for the response!
 

  • 0

#30
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

I would recommend uninstalling SmadAV and installing Avast Free (my personal choice but you can choose either of the two mentioned). 

 

Why those?  First, they are free and fully functional as AntiVirus software; no need to buy anything to get full AV functions.  They are also tested and ranked by independent testing organizations that are well known and respected in the Anti-Malware communities; AV-Comparatives.org and AV-Test.org are two research labs whose open testing and results you can look at.

 

Good to know about all the rest you have learned / done.  Any other questions?


  • 0





