
Strange process "dllhost.exe" and sluggish computer


This topic is locked
16 replies to this topic

#1 rogp10 (Members, 15 posts)

Posted 02 February 2018 - 10:46 PM

(continued from https://www.bleepingcomputer.com/forums/t/669561/sluggish-pc-trojan-suspected/#entry4437005)
 
The first post, quoted:
 

After opening a file for the first time, my PC is getting very slow. I've found two suspicious processes in Process Explorer named "dllhost.exe", running from "c:\windows\SysWoW64\dllhost.exe /ProcessID: {a bunch of numbers, always changing}" and an instance of svchost.exe using disk a lot. I scanned the file on VT and it found a WisdomEyes in the file.
 
I've tried Rkill: nothing strange found other than localhost.

 
Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by SONY (administrator) on SONY-VAIO (03-02-2018 10:26:41)
Running from C:\Users\SONY\Downloads\Programs
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(f.lux Software LLC) C:\Users\SONY\AppData\Local\FluxSoftware\Flux\flux.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
() D:\unikey42RC4-140823-win64\UniKeyNT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-03-15] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-30] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [f.lux] => C:\Users\SONY\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-11] (f.lux Software LLC)
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2017-06-09] (Tonec Inc.)
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [UniKey] => D:\unikey42RC4-140823-win64\UniKeyNT.exe [521216 2014-08-23] ()
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [uTorrent] => d:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2017-09-13] (BitTorrent, Inc.)
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-04-02] ()
Winsock: Catalog5-x64 10 C:\Windows\system32\PrxerNsp.dll [56936 2012-04-02] ()
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3C74E63A-A862-40B3-8754-AAE95BCA783E}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{3C74E63A-A862-40B3-8754-AAE95BCA783E}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3111776467-951520387-2511800582-1001 -> DefaultScope {A58E2B75-7700-469B-84C9-F1C1352D8E5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYADF&pc=MASP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3111776467-951520387-2511800582-1001 -> {A58E2B75-7700-469B-84C9-F1C1352D8E5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYADF&pc=MASP&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-07] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-09-11] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-07] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-30] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-09-11] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jlsbc49a.default
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default [2018-02-02]
FF NetworkProxy: Mozilla\Firefox\Profiles\jlsbc49a.default -> ftp", "127.0.0.1"
FF Extension: (Multi-Account Containers) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\@testpilot-containers.xpi [2017-11-18] [Legacy]
FF Extension: (Best Proxy Switcher) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2017-11-19] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-29] [Legacy]
FF Extension: (Tampermonkey) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\firefox@tampermonkey.net.xpi [2017-12-18]
FF Extension: (HTTPS Everywhere) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\https-everywhere@eff.org.xpi [2018-01-30]
FF Extension: (Image and Flash Blocker) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\imgflashblocker@shimon.chohen.xpi [2017-09-14] [Legacy]
FF Extension: (Proxy Switcher) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid0-hjBdm7jJii7llLkqacvGnd3gHge@jetpack.xpi [2017-11-19] [Legacy]
FF Extension: (Google search link fix) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-09-10]
FF Extension: (Decentraleyes) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2018-01-24] [Legacy]
FF Extension: (Flash Block (Plus)) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2017-09-14]
FF Extension: (No More Blogger Redirect) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-oCwaAvW4FzkA5w@jetpack.xpi [2017-09-13] [Legacy]
FF Extension: (Strict Pop-up Blocker) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2017-12-29] [Legacy]
FF Extension: (Redirector) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\redirector@einaregilsson.com.xpi [2017-11-25]
FF Extension: (Tab Groups) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\tabgroups@quicksaver.xpi [2018-01-28] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-02]
FF Extension: (Session Manager) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-10-31] [Legacy]
FF Extension: (Complete YouTube Saver) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-10-04] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-11-14] [Legacy]
FF HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-06-08]
FF HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5 [2017-09-10] [Legacy] [not signed]
FF HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-09-11] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2017-09-11] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2017-09-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Presentations) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-12]
CHR Extension: (Documents) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-16]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-16]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-16]
CHR Extension: (Spreadsheet) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-12]
CHR Extension: (Google Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-16]
CHR Extension: (Chrome) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-12]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-30] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-30] (AVAST Software)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-08] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S4 MBAMService; d:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-30] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-30] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-30] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-30] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-30] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-30] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-30] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-30] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-30] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2017-09-13] (Disc Soft Ltd)
S2 EnergyDriver; C:\Program Files\Intel\Power Gadget 3.5\EnergyDriver.sys [18544 2017-08-02] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-01] (Malwarebytes)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-03 10:26 - 2018-02-03 10:26 - 000000000 ____D C:\FRST
2018-02-02 12:15 - 2018-02-02 12:15 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-02 11:48 - 2018-02-02 11:48 - 000000000 ___HD C:\$AV_ASW
2018-02-01 15:43 - 2018-02-01 15:43 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-01 15:15 - 2018-02-01 15:15 - 000000207 _____ C:\Windows\tweaking.com-regbackup-SONY-VAIO-Windows-7-Home-Premium-(64-bit).dat
2018-02-01 15:15 - 2018-02-01 15:15 - 000000000 ____D C:\RegBackup
2018-02-01 15:14 - 2018-02-01 15:14 - 000000000 ____D C:\TDSSKiller_Quarantine
2018-02-01 15:11 - 2018-02-01 15:14 - 000209200 _____ C:\TDSSKiller.3.1.0.16_01.02.2018_15.11.41_log.txt
2018-01-31 21:23 - 2018-01-31 21:23 - 000712880 _____ C:\Windows\Minidump\013118-18298-01.dmp
2018-01-31 21:22 - 2018-01-31 21:22 - 571589026 _____ C:\Windows\MEMORY.DMP
2018-01-31 01:56 - 2018-01-31 01:56 - 000000000 ____D C:\Users\SONY\AppData\Local\ESET
2018-01-31 01:50 - 2018-01-31 01:54 - 000000000 ____D C:\AdwCleaner
2018-01-30 21:26 - 2018-01-30 21:26 - 000000403 _____ C:\Users\SONY\Documents\003.txt
2018-01-30 21:26 - 2018-01-30 21:26 - 000000105 _____ C:\Users\SONY\Documents\004.txt
2018-01-30 21:15 - 2018-01-30 21:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-30 21:12 - 2018-01-30 21:13 - 000002214 _____ C:\Users\SONY\Desktop\Rkill.txt
2018-01-30 20:42 - 2018-01-30 21:23 - 000000000 ____D C:\Qoobox
2018-01-30 20:41 - 2018-01-30 20:57 - 000000000 ____D C:\Windows\erdnt
2018-01-30 20:28 - 2018-01-30 20:28 - 000000000 ____D C:\gt
2018-01-30 20:15 - 2018-01-30 20:15 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\LVGameDev LLC
2018-01-30 07:54 - 2018-01-30 07:54 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-30 07:54 - 2018-01-30 07:54 - 000001922 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2018-01-30 07:54 - 2018-01-30 07:54 - 000000000 ____D C:\Users\SONY\AppData\Roaming\AVAST Software
2018-01-30 07:54 - 2018-01-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-01-30 07:53 - 2018-02-02 11:46 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-30 07:53 - 2018-01-30 07:53 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-30 07:53 - 2018-01-30 07:53 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-30 07:53 - 2018-01-30 07:53 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-01-30 07:53 - 2018-01-30 07:53 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-30 07:53 - 2018-01-30 07:52 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-30 07:53 - 2018-01-30 07:52 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-30 07:53 - 2018-01-30 07:52 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-30 07:53 - 2018-01-30 07:52 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-30 07:53 - 2018-01-30 07:52 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-30 07:53 - 2018-01-30 07:52 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-30 07:51 - 2018-01-30 08:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-30 07:51 - 2018-01-30 07:51 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-25 04:59 - 2018-01-25 04:59 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\RewindApp
2018-01-22 19:08 - 2018-01-22 19:08 - 000005132 _____ C:\Users\SONY\Documents\002.txt
2018-01-22 19:08 - 2018-01-22 19:08 - 000000199 _____ C:\Users\SONY\Documents\cc1.txt
2018-01-21 01:42 - 2018-01-21 01:42 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\HermesInteractive
2018-01-20 03:21 - 2018-01-20 03:21 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\GameChanger Studio
2018-01-19 16:05 - 2018-01-19 16:05 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Picaresque Studio
2018-01-19 16:00 - 2018-01-19 16:00 - 000000873 _____ C:\Users\SONY\Downloads\[torviet.com].Sky.Force.Anniversary-TiNYiSO.torrent
2018-01-19 13:48 - 2018-01-19 13:48 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Northplay
2018-01-18 20:25 - 2018-01-18 20:25 - 000000000 ____D C:\Users\SONY\AppData\Roaming\com.filament.cps
2018-01-18 19:44 - 2018-01-18 19:44 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mana Games
2018-01-18 19:17 - 2018-01-18 19:18 - 000000000 ____D C:\Users\SONY\AppData\Roaming\Click_Raid
2018-01-18 18:42 - 2018-01-18 18:42 - 000000020 _____ C:\Users\SONY\Documents\serial_shady_grady.txt
2018-01-18 17:47 - 2017-04-28 05:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-01-18 17:47 - 2017-04-12 20:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-01-17 23:35 - 2018-01-18 00:01 - 000000000 ____D C:\Users\SONY\AppData\Local\DungeonSouls
2018-01-15 22:18 - 2018-01-15 22:18 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Pixel Prototype LLC
2018-01-13 21:06 - 2018-01-13 21:06 - 000000000 ____D C:\Users\SONY\Documents\AutomaticSolution Software
2018-01-13 21:03 - 2018-01-13 21:03 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\William Cheek
2018-01-13 20:41 - 2018-01-13 20:41 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\WolfshipGames
2018-01-09 17:15 - 2018-01-14 20:50 - 000000766 _____ C:\Users\Public\Desktop\Railroad Tycoon 3 CTC.lnk
2018-01-09 17:15 - 2018-01-14 20:50 - 000000766 _____ C:\ProgramData\Desktop\Railroad Tycoon 3 CTC.lnk
2018-01-09 17:15 - 2018-01-09 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Railroad Tycoon 3 CTC
2018-01-08 15:56 - 2016-12-27 02:22 - 000000849 _____ C:\Users\SONY\Desktop\Launch Airline Tycoon Deluxe.lnk
2018-01-06 14:58 - 2018-01-06 14:58 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Asmodee
2018-01-05 21:24 - 2018-01-05 22:57 - 000000000 ____D C:\Users\SONY\Documents\OpenTTD
2018-01-05 21:21 - 2018-01-05 21:21 - 000000680 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2018-01-05 21:21 - 2018-01-05 21:21 - 000000680 _____ C:\ProgramData\Desktop\OpenTTD.lnk
2018-01-05 21:21 - 2018-01-05 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2018-01-05 00:10 - 2018-01-05 00:10 - 000024224 _____ C:\Users\SONY\energy-report.html
2018-01-04 17:36 - 2018-01-04 17:36 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2018-01-04 17:36 - 2018-01-04 17:36 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2018-01-04 17:36 - 2018-01-04 17:36 - 000122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2018-01-04 17:36 - 2018-01-04 17:36 - 000109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2018-01-04 17:36 - 2018-01-04 17:36 - 000000000 ____D C:\Program Files (x86)\OpenAL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-03 10:26 - 2017-09-10 23:33 - 000000000 ____D C:\Users\SONY\AppData\Roaming\DMCache
2018-02-03 07:11 - 2017-10-24 14:55 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2018-02-03 06:28 - 2017-10-24 14:55 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-3111776467-951520387-2511800582-1001.job
2018-02-02 12:42 - 2017-11-13 21:17 - 000000000 ____D C:\Users\SONY\AppData\Local\ElevatedDiagnostics
2018-02-02 12:40 - 2017-09-10 17:59 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mozilla
2018-02-02 12:21 - 2009-07-14 11:45 - 000020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-02 12:21 - 2009-07-14 11:45 - 000020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-02 12:18 - 2009-07-14 12:13 - 000799064 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-02 12:18 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-02-02 12:14 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-02 12:14 - 2009-07-14 11:45 - 000297064 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-02 12:03 - 2009-07-14 09:34 - 000000486 _____ C:\Windows\win.ini
2018-02-02 11:45 - 2011-02-15 07:47 - 000799064 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-02 11:35 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-01 15:52 - 2017-09-10 17:04 - 000066728 _____ C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-01 15:24 - 2009-07-14 09:34 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_499
2018-02-01 14:52 - 2017-09-12 03:27 - 000000000 ____D C:\Users\SONY\AppData\Local\CrashDumps
2018-01-31 21:23 - 2018-01-03 22:32 - 000000000 ____D C:\Windows\Minidump
2018-01-31 01:44 - 2017-09-10 23:33 - 000000000 ____D C:\Users\SONY\AppData\Roaming\IDM
2018-01-30 20:56 - 2009-07-14 09:34 - 000000215 _____ C:\Windows\system.ini
2018-01-30 20:56 - 2009-07-14 09:34 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_505
2018-01-30 20:32 - 2017-09-11 06:22 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-01-30 07:43 - 2017-09-16 17:02 - 000000000 ____D C:\Users\SONY\AppData\Roaming\vlc
2018-01-28 14:44 - 2017-09-29 02:11 - 000000000 ____D C:\tr
2018-01-23 23:49 - 2017-09-24 02:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-01-18 19:54 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-01-18 19:17 - 2017-09-12 02:52 - 000000000 ____D C:\Users\SONY\AppData\Roaming\SmartSteamEmu
2018-01-18 17:43 - 2017-11-19 18:12 - 000000000 ____D C:\Users\SONY\Documents\Euro Truck Simulator 2
2018-01-17 21:15 - 2017-10-28 22:43 - 000002363 _____ C:\Users\SONY\Documents\fastssh.tlp
2018-01-14 23:11 - 2017-10-15 04:32 - 000000000 ____D C:\video
2018-01-09 17:15 - 2017-09-14 11:39 - 000000000 ____D C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-01-09 16:06 - 2017-11-14 18:37 - 000000282 _____ C:\Users\SONY\Documents\001.txt
2018-01-09 08:04 - 2017-12-12 08:57 - 000002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 08:04 - 2017-12-12 08:57 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-09 08:04 - 2017-12-12 08:57 - 000002179 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-01-05 00:10 - 2017-09-10 17:02 - 000000000 ____D C:\Users\SONY
2018-01-04 17:36 - 2017-09-14 16:36 - 000000000 ____D C:\Windows\SysWOW64\directx

==================== Files in the root of some directories =======

2017-09-16 06:04 - 2017-09-17 08:00 - 000000000 _____ () C:\Users\SONY\AppData\Roaming\avoriontestfile
2017-09-10 17:09 - 2017-09-10 17:09 - 000000017 _____ () C:\Users\SONY\AppData\Local\resmon.resmoncfg
2017-10-24 14:55 - 2017-10-24 14:55 - 000000003 _____ () C:\Users\SONY\AppData\Local\updater.log
2017-10-24 14:55 - 2017-10-24 14:58 - 000000059 _____ () C:\Users\SONY\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 04:07

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by SONY (03-02-2018 10:27:48)
Running from C:\Users\SONY\Downloads\Programs
Windows 7 Home Premium Service Pack 1 (X64) (2017-09-10 10:02:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3111776467-951520387-2511800582-500 - Administrator - Disabled)
Guest (S-1-5-21-3111776467-951520387-2511800582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3111776467-951520387-2511800582-1002 - Limited - Enabled)
SONY (S-1-5-21-3111776467-951520387-2511800582-1001 - Administrator - Enabled) => C:\Users\SONY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{59CFDD96-728A-A88C-36E5-1163342C814F}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Archi 4.0.3 (HKLM\...\{17490178-4BB9-40A0-A9C4-F82027FF49B8}_is1) (Version: 4.0.3 - Phillip Beauvoir)
Armello From Below (HKLM\...\YXJtZWxsbw_is1) (Version: 1 - )
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.2.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Battle Brothers - Lindwurm (HKLM-x32\...\Battle Brothers - Lindwurm_is1) (Version: - )
Bitvise SSH Client - FlowSshNet (x64) (HKLM\...\{3129A0B9-8B59-4AD2-89B2-C1C676734432}) (Version: 7.35.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client - FlowSshNet (x86) (HKLM-x32\...\{E7424C93-3C2B-411A-8F0F-3CE6848FA2F3}) (Version: 7.35.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client 7.35 (remove only) (HKLM-x32\...\BvSshClient) (Version: 7.35 - Bitvise Limited)
CLUE Classic (HKLM-x32\...\CLUE Classic1.0) (Version: 1.0 - Adnan_Boy 2008)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defenders Quest Valley of the Forgotten Deluxe HD Edition MULTi11 (HKLM-x32\...\Defenders Quest Valley of the Forgotten Deluxe H~E8C28FA3_is1) (Version: - )
Delicious Emilys 16 PE (HKLM-x32\...\Delicious Emilys 16 PE) (Version: 1.0 - GameHouse)
dopewars-1.5.12 (HKLM-x32\...\dopewars-1.5.12) (Version: - )
Drug Wars (HKLM-x32\...\Geek Phase Drug Wars) (Version: - )
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Everyday Genius. Square Logic (HKLM-x32\...\Everyday Genius. Square Logic) (Version: 1.0 - GameHouse)
f.lux (HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Flux) (Version: - f.lux Software LLC)
FDUx86 (HKLM-x32\...\{3490653F-2789-46A1-B1BF-6BD4CF4131AB}) (Version: 1.0.0 - Sony Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.3 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java™ 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
KUx86 (HKLM-x32\...\{6FD21053-829D-40E7-B04C-CAFB7D5CD025}) (Version: 1.0.0 - Sony Corporation ) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4 Extended 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Extended CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 繁體中文語言套件 (HKLM\...\Microsoft .NET Framework 4 Extended CHT Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mini Metro (HKLM-x32\...\1434554947_is1) (Version: 201712140945(gamma34) - GOG.com)
Monopoly Here & Now Edition (HKLM-x32\...\Monopoly Here & Now Edition) (Version: 1.0.18.272 - GameHouse, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenTTD 1.7.2 (HKLM-x32\...\OpenTTD) (Version: 1.7.2 - OpenTTD)
Patrician 3 (HKLM-x32\...\Patrician 3_is1) (Version: - GOG.com)
Ports Of Call XXL (HKLM-x32\...\Ports Of Call XXL) (Version: 1.0.13 - MMS Dipl.-Ing. Rolf-Dieter Klein)
Proxifier version 3.15 (HKLM-x32\...\Proxifier_is1) (Version: 3.15 - Initex)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PYV_x86 (HKLM-x32\...\{E6757A5B-EE7E-4D72-82B7-D1B2991DF55E}) (Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Railroad Tycoon 3 CTC version 1.05 (HKLM-x32\...\{B2398CDA-063B-4B9F-9857-DABF6EF0C3E0}_is1) (Version: 1.05 - vol1)
Railroad Tycoon 3 Locomotive Pack v1.0 (HKLM-x32\...\RT3LocoPatch) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Renowned Explorers The Emperors Challenge (HKLM-x32\...\Renowned Explorers The Emperors Challenge_is1) (Version: - )
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.0 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TransOcean 2 Rivals (HKLM-x32\...\TransOcean 2 Rivals_is1) (Version: - )
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{5156C9BF-1C27-430B-96D8-7129F11699A8}) (Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VCCx64 (HKLM\...\{549AD5FB-F52D-4307-864A-C0008FB35D96}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}) (Version: 1.0.0 - Sony Corporation) Hidden
VHD (HKLM-x32\...\{DB1A3EA7-0C25-4BEC-A108-176195190369}) (Version: 1.0.0 - Microsoft) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMLx86 (HKLM-x32\...\{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}) (Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
VU5x86 (HKLM-x32\...\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}) (Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
حزمة اللغة العربية الموسعة لـ Microsoft .NET Framework 4 (HKLM\...\Microsoft .NET Framework 4 Extended ARA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-30] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-30] (AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-30] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-01-18] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-30] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E09E2F-309C-482E-9BDD-048A4CA24607} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-11] (Adobe Systems Incorporated)
Task: {09B212A9-8DBF-4394-8785-5ACBAD705A08} - System32\Tasks\{FEEAA874-A570-429D-A583-721DFCB00C9C} => C:\Windows\system32\pcalua.exe -a C:\Users\SONY\Downloads\Programs\dopewars-1.5.12.exe -d C:\Users\SONY\AppData\Roaming\IDM
Task: {2044FB36-DD50-425D-BD51-C4E8B60C3349} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-12] (Google Inc.)
Task: {29B1D960-F345-4AFD-9163-E49B404FA55F} - System32\Tasks\{A5EFD92C-11CD-46BD-971B-1D3F6DDF2F29} => C:\Windows\system32\pcalua.exe -a C:\Users\SONY\Downloads\Programs\dotnetfx35.exe -d C:\Users\SONY\AppData\Roaming\IDM
Task: {43A1649D-DC45-4124-AC2B-A035B1CF71C2} - System32\Tasks\{EB9A4798-0743-454F-B2BF-F38511E8DCB9} => C:\Windows\system32\pcalua.exe -a F:\Launch.exe -d F:\
Task: {500054E6-6DF5-40A6-A12E-9CF2A24C7A41} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-30] (AVAST Software)
Task: {7CF0FCAD-88F6-448E-8598-8C83701CB4D1} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3111776467-951520387-2511800582-1001 => C:\Users\SONY\AppData\Local\MEGAsync\MEGAupdater.exe [2017-10-19] (Mega Limited)
Task: {804F2A76-98A4-4CA9-BCF8-1A25644B7B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-12] (Google Inc.)
Task: {88AE1556-9796-4504-8362-F05DF88CCEFB} - System32\Tasks\{C2C48794-75E6-4DCA-AD42-00742E6EF8EA} => D:\Program Files (x86)\Infogrames Interactive\Monopoly Tycoon\mc.exe
Task: {9037E793-17A4-46CA-A474-C60CB68CE1D4} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {983D8BF3-B63B-4251-8F6E-EEE9C9BE0B37} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {CA4AD179-87F1-4D05-B708-61457625969B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-30] (AVAST Software)
Task: {CE6EB8DC-C0B1-476E-936D-3D02044B8E16} - System32\Tasks\update-S-1-5-21-3111776467-951520387-2511800582-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {D31B399E-EF82-4957-B862-DE2FBFEE4354} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-08] (Sony Corporation)
Task: {D71012F5-2C93-44BB-A250-F326A19FBF9C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-08] (Sony Corporation)
Task: {E85E190A-0C1E-485F-AEC5-A30C4A5470D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3111776467-951520387-2511800582-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-19 04:51 - 2017-10-19 04:51 - 000598528 _____ () C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll
2015-09-29 21:44 - 2014-08-23 16:24 - 000521216 _____ () D:\unikey42RC4-140823-win64\UniKeyNT.exe
2018-01-30 07:52 - 2018-01-30 07:52 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-30 07:52 - 2018-01-30 07:52 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-30 07:53 - 2018-01-30 07:53 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-30 07:53 - 2018-01-30 07:53 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-30 07:53 - 2018-01-30 07:53 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-02-01 15:46 - 2018-02-01 15:46 - 005779088 _____ () C:\Program Files\AVAST Software\Avast\defs\18020102\algo.dll
2018-01-30 07:53 - 2018-01-30 07:53 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-30 07:52 - 2018-01-30 07:52 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-30 07:53 - 2018-01-30 07:53 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-02 12:16 - 2018-02-02 12:16 - 005779088 _____ () C:\Program Files\AVAST Software\Avast\defs\18020104\algo.dll
2018-02-02 16:17 - 2018-02-02 16:17 - 005779088 _____ () C:\Program Files\AVAST Software\Avast\defs\18020202\algo.dll
2018-02-03 00:18 - 2018-02-03 00:18 - 005779088 _____ () C:\Program Files\AVAST Software\Avast\defs\18020204\algo.dll
2017-10-19 04:58 - 2017-10-19 04:58 - 000570368 _____ () C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX32.dll
2017-09-11 06:15 - 2012-03-08 08:57 - 000021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2018-01-30 07:53 - 2018-01-30 07:53 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-30 07:52 - 2018-01-30 07:52 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:48F18D98 [266]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2018-02-02 12:03 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3111776467-951520387-2511800582-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: LanmanServer => 3
MSCONFIG\Services: LanmanWorkstation => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: NetMsmqActivator => 3
MSCONFIG\Services: NetPipeActivator => 3
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: OpenVPNServiceLegacy => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 2
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: sftlist => 2
MSCONFIG\Services: sftvsa => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: stisvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: VcmINSMgr => 3
MSCONFIG\Services: VcmXmlIfHelper => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSNService => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\startupfolder: C:^Users^SONY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Guard.lnk => C:\Windows\pss\Guard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Trend Micro Titanium => "C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" -ReFlush "none" "none"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0640621F-F40E-44B4-B0EB-6D05EAA4DC45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{73667FB8-F1E9-4EB3-B028-64D0448CD6A1}] => (Allow) LPort=2869
FirewallRules: [{F22876DA-4287-4ABF-9349-D5A14796C0FB}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{F29192A8-2625-40C2-903F-4327EFE83CCF}D:\games\d&d lords of waterdeep\waterdeep.exe] => (Block) D:\games\d&d lords of waterdeep\waterdeep.exe
FirewallRules: [UDP Query User{74D5C880-3A0A-4445-BFCA-F5C4DFBAB474}D:\games\d&d lords of waterdeep\waterdeep.exe] => (Block) D:\games\d&d lords of waterdeep\waterdeep.exe
FirewallRules: [TCP Query User{89E52962-1F11-46E8-8B84-16161CE399E0}D:\games\football.tactics.update.06.12.2016\game.exe] => (Block) D:\games\football.tactics.update.06.12.2016\game.exe
FirewallRules: [UDP Query User{0B30A9C8-5C45-4348-921F-4579526C6F83}D:\games\football.tactics.update.06.12.2016\game.exe] => (Block) D:\games\football.tactics.update.06.12.2016\game.exe
FirewallRules: [{FC0B1459-9B49-488D-BDE1-FFE2BC40A792}] => (Allow) d:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{F08DAC1F-4C6C-4D83-B4EE-361C50594E63}] => (Allow) d:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{FEEE1EA7-5996-42BE-ABB5-744EEEDFAE30}D:\program files (x86)\rails across america\rails.exe] => (Block) D:\program files (x86)\rails across america\rails.exe
FirewallRules: [UDP Query User{24F3C7F1-299D-47DB-BE67-D3A743F5E1EC}D:\program files (x86)\rails across america\rails.exe] => (Block) D:\program files (x86)\rails across america\rails.exe
FirewallRules: [TCP Query User{14841D92-FFE7-4CD7-A023-EF6BB5FE6538}C:\users\sony\appdata\local\temp\rar$exa0.338\adiirc.exe] => (Allow) C:\users\sony\appdata\local\temp\rar$exa0.338\adiirc.exe
FirewallRules: [UDP Query User{90847594-D897-422B-8950-769F0BC0FB5F}C:\users\sony\appdata\local\temp\rar$exa0.338\adiirc.exe] => (Allow) C:\users\sony\appdata\local\temp\rar$exa0.338\adiirc.exe
FirewallRules: [TCP Query User{A2BE6F62-5997-4879-B4EC-28093873CC88}D:\games\cookservedelicious2\csd2.exe] => (Block) D:\games\cookservedelicious2\csd2.exe
FirewallRules: [UDP Query User{55AAEAE0-236E-4004-A97D-FEA518BA86FF}D:\games\cookservedelicious2\csd2.exe] => (Block) D:\games\cookservedelicious2\csd2.exe
FirewallRules: [TCP Query User{55C53C0A-5DBE-477D-898E-38353781B3FC}D:\games\avorion.v0.14\bin\avorion.exe] => (Block) D:\games\avorion.v0.14\bin\avorion.exe
FirewallRules: [UDP Query User{A29F1134-F00D-4D0E-B5F9-1C31CBCC9811}D:\games\avorion.v0.14\bin\avorion.exe] => (Block) D:\games\avorion.v0.14\bin\avorion.exe
FirewallRules: [TCP Query User{71E313CD-1B10-424B-B646-7EF68DE81923}D:\games\avorion.v0.14\bin\avorionserver.exe] => (Block) D:\games\avorion.v0.14\bin\avorionserver.exe
FirewallRules: [UDP Query User{CBEA7D7F-21A9-4E72-80D5-A78B517E836B}D:\games\avorion.v0.14\bin\avorionserver.exe] => (Block) D:\games\avorion.v0.14\bin\avorionserver.exe
FirewallRules: [TCP Query User{DEEEC266-D850-4964-9C86-74EB1AE94983}C:\games\football.tactics.v25.12.2016\game.exe] => (Block) C:\games\football.tactics.v25.12.2016\game.exe
FirewallRules: [UDP Query User{0EECC9F6-AAC0-408D-AA27-9F51DF3FFAA1}C:\games\football.tactics.v25.12.2016\game.exe] => (Block) C:\games\football.tactics.v25.12.2016\game.exe
FirewallRules: [TCP Query User{EDA830AE-E706-409D-AA1D-0FB9826344B5}C:\games\silicon zeroes\silicon zeroes.exe] => (Block) C:\games\silicon zeroes\silicon zeroes.exe
FirewallRules: [UDP Query User{9AB0BDC1-C19D-4A55-A8FC-12844AB144C3}C:\games\silicon zeroes\silicon zeroes.exe] => (Block) C:\games\silicon zeroes\silicon zeroes.exe
FirewallRules: [TCP Query User{3F07F17F-81BB-40BD-A131-8E5A4EBB8B48}C:\games\sugarmill\sugarmill.exe] => (Block) C:\games\sugarmill\sugarmill.exe
FirewallRules: [UDP Query User{972362ED-6422-4F10-A2C4-B5A3D273C99A}C:\games\sugarmill\sugarmill.exe] => (Block) C:\games\sugarmill\sugarmill.exe
FirewallRules: [TCP Query User{50F72C68-9707-457A-9E55-9856A3563932}C:\program files (x86)\battle chasers nightwar\bc.exe] => (Block) C:\program files (x86)\battle chasers nightwar\bc.exe
FirewallRules: [UDP Query User{0DD35960-8494-4634-BDD6-6EC6C4690D2F}C:\program files (x86)\battle chasers nightwar\bc.exe] => (Block) C:\program files (x86)\battle chasers nightwar\bc.exe
FirewallRules: [TCP Query User{E3D9DDD3-EB94-4580-9646-0C67F1E5524E}C:\games\mashinky.v05.10.2017.en\mashinky.exe] => (Block) C:\games\mashinky.v05.10.2017.en\mashinky.exe
FirewallRules: [UDP Query User{B20B5304-C0B5-438C-81AF-79B208207CA9}C:\games\mashinky.v05.10.2017.en\mashinky.exe] => (Block) C:\games\mashinky.v05.10.2017.en\mashinky.exe
FirewallRules: [TCP Query User{6D0633FA-AA89-4230-92D7-741E7618BCF8}C:\games\vigilantes\vigilantes.exe] => (Block) C:\games\vigilantes\vigilantes.exe
FirewallRules: [UDP Query User{4ED1BA74-0EF7-4AE2-A239-818761E5B381}C:\games\vigilantes\vigilantes.exe] => (Block) C:\games\vigilantes\vigilantes.exe
FirewallRules: [TCP Query User{67F142A5-5BEC-4087-92FC-8F3BE61B6EE4}C:\games\computer.tycoon\computer tycoon\computertycoon.exe] => (Block) C:\games\computer.tycoon\computer tycoon\computertycoon.exe
FirewallRules: [UDP Query User{B449AF27-52C8-4301-BB04-A56B3776989D}C:\games\computer.tycoon\computer tycoon\computertycoon.exe] => (Block) C:\games\computer.tycoon\computer tycoon\computertycoon.exe
FirewallRules: [TCP Query User{C038C982-0AF5-4691-838E-214FBAA4F693}C:\games\epic tavern\epictavern.exe] => (Block) C:\games\epic tavern\epictavern.exe
FirewallRules: [UDP Query User{7FB240E2-7CE2-4507-8F4A-9173E5198E1E}C:\games\epic tavern\epictavern.exe] => (Block) C:\games\epic tavern\epictavern.exe
FirewallRules: [TCP Query User{E3EA0F34-8927-42D5-8DA3-7E06E3B81DF5}C:\games\mashinky.v13.10.2017\mashinky.exe] => (Block) C:\games\mashinky.v13.10.2017\mashinky.exe
FirewallRules: [UDP Query User{A0800B22-FFA3-4FA0-9ECF-350857AE1B4C}C:\games\mashinky.v13.10.2017\mashinky.exe] => (Block) C:\games\mashinky.v13.10.2017\mashinky.exe
FirewallRules: [TCP Query User{5B916CBD-A945-47EB-9576-436B8D96035F}C:\games\magic potion destroyer\game.exe] => (Block) C:\games\magic potion destroyer\game.exe
FirewallRules: [UDP Query User{01502F07-885C-48B7-BF9A-D8EF8841D204}C:\games\magic potion destroyer\game.exe] => (Block) C:\games\magic potion destroyer\game.exe
FirewallRules: [TCP Query User{8674454E-C2BF-4EB8-A484-4080A8C2B9D8}D:\games\opus magnum\lightning.exe] => (Block) D:\games\opus magnum\lightning.exe
FirewallRules: [UDP Query User{9C1D714F-8134-41C8-8BE8-9D1C816C1024}D:\games\opus magnum\lightning.exe] => (Block) D:\games\opus magnum\lightning.exe
FirewallRules: [{7658AE0B-E571-4007-A8D6-BC3BDCCD6E1D}] => (Block) %SystemDrive%\games\Mashinky.v13.10.2017\Mashinky.exe
FirewallRules: [{7CAE4F2D-A852-4ED8-B39D-B4168024AA2B}] => (Block) %SystemDrive%\games\Mashinky.v13.10.2017\Mashinky.exe
FirewallRules: [TCP Query User{3ED79320-DB20-4CC1-B8BB-90FF9ADF5D05}D:\program files (x86)\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B6BAEC58-236C-412A-853F-06C267D93238}D:\program files (x86)\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{38092AD2-E762-4F7E-BA42-5011BE73DD39}D:\games\fighting fantasy legends v1.35\fightingfantasy.exe] => (Block) D:\games\fighting fantasy legends v1.35\fightingfantasy.exe
FirewallRules: [UDP Query User{B1F91A2E-A47B-471E-80F1-A5BD7139CA6A}D:\games\fighting fantasy legends v1.35\fightingfantasy.exe] => (Block) D:\games\fighting fantasy legends v1.35\fightingfantasy.exe
FirewallRules: [TCP Query User{1D1C6F16-F761-4E5B-925D-AD8297490648}D:\games\mashinky v06.11.2017\mashinky.exe] => (Block) D:\games\mashinky v06.11.2017\mashinky.exe
FirewallRules: [UDP Query User{6F8D45BC-7A24-4E2D-A150-709AEE019ABE}D:\games\mashinky v06.11.2017\mashinky.exe] => (Block) D:\games\mashinky v06.11.2017\mashinky.exe
FirewallRules: [TCP Query User{EFB413ED-DF5B-42E5-AFCC-44E75BB7F4F6}D:\games\pawarumi\pawarumi.exe] => (Block) D:\games\pawarumi\pawarumi.exe
FirewallRules: [UDP Query User{8D79834A-8D8C-4667-9F77-A81FFE096A30}D:\games\pawarumi\pawarumi.exe] => (Block) D:\games\pawarumi\pawarumi.exe
FirewallRules: [TCP Query User{F381BADA-46DB-4EC6-8747-85EC4E013953}D:\games\the deal\the deal.exe] => (Block) D:\games\the deal\the deal.exe
FirewallRules: [UDP Query User{616BC4BE-C2EB-4AD4-A19F-B18CD55B5710}D:\games\the deal\the deal.exe] => (Block) D:\games\the deal\the deal.exe
FirewallRules: [TCP Query User{68AC6893-2FF5-4B74-BE62-05696C21A3D9}D:\program files (x86)\euro truck simulator 2\bin\win_x64\eurotrucks2.exe] => (Block) D:\program files (x86)\euro truck simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [UDP Query User{9B578F64-E658-4FCD-83B5-9FCFA1F37C4B}D:\program files (x86)\euro truck simulator 2\bin\win_x64\eurotrucks2.exe] => (Block) D:\program files (x86)\euro truck simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{1E6AA5DE-3AAD-4BA4-9D40-8E8F5D736103}D:\games\star.traders.frontiers.update.4\startradersfrontiers.exe] => (Block) D:\games\star.traders.frontiers.update.4\startradersfrontiers.exe
FirewallRules: [UDP Query User{92A8524C-9998-4459-9756-68B17688D31D}D:\games\star.traders.frontiers.update.4\startradersfrontiers.exe] => (Block) D:\games\star.traders.frontiers.update.4\startradersfrontiers.exe
FirewallRules: [TCP Query User{06D2A9CB-9ADE-4755-8E8E-D73A20A795DD}C:\program files (x86)\poc\pocxxl\bin\pocxxl.exe] => (Block) C:\program files (x86)\poc\pocxxl\bin\pocxxl.exe
FirewallRules: [UDP Query User{D92E9B3C-81FD-4B75-9D7D-D653E904B7DE}C:\program files (x86)\poc\pocxxl\bin\pocxxl.exe] => (Block) C:\program files (x86)\poc\pocxxl\bin\pocxxl.exe
FirewallRules: [{62DC8FB7-3F27-4EC0-BF2A-83CEC40F307A}] => (Block) %ProgramFiles% (x86)\poc\pocxxl\bin\pocxxl.exe
FirewallRules: [{FD6D3EEB-909C-4058-8D26-99F63A5BC1E3}] => (Block) D:\Program Files (x86)\GB3\GB3.exe
FirewallRules: [{A2B540B9-79A1-474B-B104-13B6855AD7A9}] => (Block) %ProgramFiles%\Defraggler\Defraggler64.exe
FirewallRules: [TCP Query User{EB9D7FF8-446B-497D-BBF0-0A0E726BDD43}C:\program files (x86)\gnupg\bin\dirmngr.exe] => (Allow) C:\program files (x86)\gnupg\bin\dirmngr.exe
FirewallRules: [UDP Query User{D15066C5-9F0D-4E24-AF0E-323A670AE1C0}C:\program files (x86)\gnupg\bin\dirmngr.exe] => (Allow) C:\program files (x86)\gnupg\bin\dirmngr.exe
FirewallRules: [{FF159FC7-C2F3-4E7A-A9E1-7A06096AC958}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-02-2018 14:22:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2018 02:15:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2018 01:44:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/01/2018 03:21:37 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-HK\MSFEEDS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:37 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-HK\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\TH-TH\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\TH-TH\MSFEEDS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-CN\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-CN\MSFEEDS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AR-SA\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AR-SA\MSFEEDS.MFL while recovering .MOF file marked with autorecover.


System errors:
=============
Error: (02/03/2018 10:18:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (02/03/2018 10:15:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:15:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:01:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:01:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:01:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:01:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:01:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 10:01:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2018 09:55:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 4066.36 MB
Available physical RAM: 1771 MB
Total Virtual: 8160.54 MB
Available Virtual: 5902.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.82 GB) (Free:18.88 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:432.44 GB) (Free:32.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E547C7E0)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=432.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Edited by Oh My!, 05 February 2018 - 06:02 PM.




#2 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:30 PM

Posted 05 February 2018 - 12:39 PM

I found two suspicious processes named "wisptis.exe" running from "wisptis.exe /QuitInfo" as my laptop got a bit slow. When I suspended one, the machine went sluggish until I ended it from Process Explorer.

Another process is "conhost.exe" and it is persistent.


Edited by rogp10, 05 February 2018 - 12:43 PM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 05 February 2018 - 06:01 PM

Greetings rogp10 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Which of these do you recognize as legitimate entries?

C:\Users\SONY\AppData\LocalLow\RewindApp
C:\Users\SONY\Documents\002.txt
C:\Users\SONY\Documents\cc1.txt
C:\Users\SONY\AppData\LocalLow\HermesInteractive
C:\Users\SONY\AppData\LocalLow\GameChanger Studio
C:\Users\SONY\AppData\LocalLow\Picaresque Studio
C:\Users\SONY\Downloads\[torviet.com].Sky.Force.Anniversary-TiNYiSO.torrent
C:\Users\SONY\AppData\LocalLow\Northplay
C:\Users\SONY\AppData\Roaming\com.filament.cps
C:\Users\SONY\AppData\LocalLow\Mana Games
C:\Users\SONY\AppData\Roaming\Click_Raid
C:\Users\SONY\Documents\serial_shady_grady.txt
C:\Users\SONY\AppData\Local\DungeonSouls
C:\Users\SONY\AppData\LocalLow\Pixel Prototype LLC
C:\Users\SONY\Documents\AutomaticSolution Software
C:\Users\SONY\AppData\LocalLow\William Cheek
C:\Users\SONY\AppData\LocalLow\WolfshipGames
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:30 PM

Posted 05 February 2018 - 11:21 PM

I created those files myself:


C:\Users\SONY\Documents\002.txt
C:\Users\SONY\Documents\cc1.txt



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 06 February 2018 - 09:26 AM

Thank you.

Assuming you do not recognize the other entries, consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2018-01-25 04:59 - 2018-01-25 04:59 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\RewindApp
2018-01-21 01:42 - 2018-01-21 01:42 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\HermesInteractive
2018-01-20 03:21 - 2018-01-20 03:21 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\GameChanger Studio
2018-01-19 16:05 - 2018-01-19 16:05 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Picaresque Studio
2018-01-19 16:00 - 2018-01-19 16:00 - 000000873 _____ C:\Users\SONY\Downloads\[torviet.com].Sky.Force.Anniversary-TiNYiSO.torrent
2018-01-19 13:48 - 2018-01-19 13:48 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Northplay
2018-01-18 20:25 - 2018-01-18 20:25 - 000000000 ____D C:\Users\SONY\AppData\Roaming\com.filament.cps
2018-01-18 19:44 - 2018-01-18 19:44 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mana Games
2018-01-18 19:17 - 2018-01-18 19:18 - 000000000 ____D C:\Users\SONY\AppData\Roaming\Click_Raid
2018-01-18 18:42 - 2018-01-18 18:42 - 000000020 _____ C:\Users\SONY\Documents\serial_shady_grady.txt
2018-01-18 17:47 - 2017-04-28 05:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-01-18 17:47 - 2017-04-12 20:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-01-17 23:35 - 2018-01-18 00:01 - 000000000 ____D C:\Users\SONY\AppData\Local\DungeonSouls
2018-01-15 22:18 - 2018-01-15 22:18 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Pixel Prototype LLC
2018-01-13 21:06 - 2018-01-13 21:06 - 000000000 ____D C:\Users\SONY\Documents\AutomaticSolution Software
2018-01-13 21:03 - 2018-01-13 21:03 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\William Cheek
2018-01-13 20:41 - 2018-01-13 20:41 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\WolfshipGames
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
C:\tr
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
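The fix above wipes the firewall rule set with netsh advfirewall reset, after which the user is asked to re-approve programs one by one. Before a reset like that, a responder usually wants to know which of the existing Allow rules deserve a second look, and the FRST Addition.txt FirewallRules section posted earlier in this thread is enough to answer that. The script below is an added example written for this page, not FRST's own code or anything Oh My! posted: it parses FirewallRules lines in the format FRST prints and flags Allow rules whose program lives in a location a standard user can write to (the adiirc.exe rule under AppData\Local\Temp is the one this log contains). The list of user-writable path markers is my own assumption, not an FRST convention; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample input: FirewallRules lines copied from the FRST Addition.txt posted
# in this thread (a handful, enough to exercise each case).
SAMPLE_LINES = [
    r"FirewallRules: [{0640621F-F40E-44B4-B0EB-6D05EAA4DC45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe",
    r"FirewallRules: [{73667FB8-F1E9-4EB3-B028-64D0448CD6A1}] => (Allow) LPort=2869",
    r"FirewallRules: [TCP Query User{F29192A8-2625-40C2-903F-4327EFE83CCF}D:\games\d&d lords of waterdeep\waterdeep.exe] => (Block) D:\games\d&d lords of waterdeep\waterdeep.exe",
    r"FirewallRules: [TCP Query User{14841D92-FFE7-4CD7-A023-EF6BB5FE6538}C:\users\sony\appdata\local\temp\rar$exa0.338\adiirc.exe] => (Allow) C:\users\sony\appdata\local\temp\rar$exa0.338\adiirc.exe",
    r"FirewallRules: [{A2B540B9-79A1-474B-B104-13B6855AD7A9}] => (Block) %ProgramFiles%\Defraggler\Defraggler64.exe",
]

# One FRST FirewallRules line: "[name] => (Allow|Block) target".
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Assumed heuristic (mine, not FRST's): directories a standard user can write to.
# An Allow rule for an executable in one of these deserves review.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
    "\\programdata\\",
)


@dataclass
class FirewallRule:
    guid: str           # rule GUID as FRST prints it
    action: str         # "Allow" or "Block"
    target: str         # executable path, or "LPort=NNNN" for port rules
    is_port_rule: bool  # True when the rule is keyed on a local port, not a program
    review: bool        # True for an Allow rule on a program in a user-writable path


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one FRST 'FirewallRules:' line; return None for any other line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    guid_match = GUID_RE.search(m.group("name"))
    guid = guid_match.group(0) if guid_match else m.group("name")
    action = m.group("action")
    target = m.group("target").strip()
    is_port_rule = target.upper().startswith("LPORT=")
    lowered = target.lower()
    review = (
        action == "Allow"
        and not is_port_rule
        and any(marker in lowered for marker in USER_WRITABLE_MARKERS)
    )
    return FirewallRule(guid, action, target, is_port_rule, review)


def parse_rules(lines: Iterable[str]) -> List[FirewallRule]:
    """Parse every FirewallRules line in an Addition.txt, ignoring other lines."""
    parsed = (parse_rule(line) for line in lines)
    return [rule for rule in parsed if rule is not None]


def rules_to_review(lines: Iterable[str]) -> List[FirewallRule]:
    """Allow rules whose program sits in a user-writable location."""
    return [rule for rule in parse_rules(lines) if rule.review]


if __name__ == "__main__":
    # On a real log, pass the lines of Addition.txt instead of SAMPLE_LINES.
    for rule in rules_to_review(SAMPLE_LINES):
        print(f"REVIEW {rule.guid} ({rule.action}) {rule.target}")
```

Port-only rules (LPort=...) are parsed but never flagged, since they name no program; the review flag is a prompt to look at the binary, not a verdict on it.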

#6 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:30 PM

Posted 07 February 2018 - 12:06 AM

Both dllhost.exe processes have CLSIDs pointing to apps that I trust. I wonder why they acted crazy; now everything runs well.

Here is the FRST log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by SONY (07-02-2018 08:19:36) Run:1
Running from C:\Users\SONY\Downloads\Programs
Loaded Profiles: SONY (Available Profiles: SONY)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2018-01-25 04:59 - 2018-01-25 04:59 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\RewindApp
2018-01-21 01:42 - 2018-01-21 01:42 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\HermesInteractive
2018-01-20 03:21 - 2018-01-20 03:21 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\GameChanger Studio
2018-01-19 16:05 - 2018-01-19 16:05 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Picaresque Studio
2018-01-19 16:00 - 2018-01-19 16:00 - 000000873 _____ C:\Users\SONY\Downloads\[torviet.com].Sky.Force.Anniversary-TiNYiSO.torrent
2018-01-19 13:48 - 2018-01-19 13:48 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Northplay
2018-01-18 20:25 - 2018-01-18 20:25 - 000000000 ____D C:\Users\SONY\AppData\Roaming\com.filament.cps
2018-01-18 19:44 - 2018-01-18 19:44 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mana Games
2018-01-18 19:17 - 2018-01-18 19:18 - 000000000 ____D C:\Users\SONY\AppData\Roaming\Click_Raid
2018-01-17 23:35 - 2018-01-18 00:01 - 000000000 ____D C:\Users\SONY\AppData\Local\DungeonSouls
2018-01-15 22:18 - 2018-01-15 22:18 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Pixel Prototype LLC
2018-01-13 21:06 - 2018-01-13 21:06 - 000000000 ____D C:\Users\SONY\Documents\AutomaticSolution Software
2018-01-13 21:03 - 2018-01-13 21:03 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\William Cheek
2018-01-13 20:41 - 2018-01-13 20:41 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\WolfshipGames
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
C:\tr
emptytemp:

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\System\CurrentControlSet\Services\AthBTPort" => removed successfully
AthBTPort => service removed successfully
"HKLM\System\CurrentControlSet\Services\BTATH_A2DP" => removed successfully
BTATH_A2DP => service removed successfully
"HKLM\System\CurrentControlSet\Services\btath_avdt" => removed successfully
btath_avdt => service removed successfully
"HKLM\System\CurrentControlSet\Services\BTATH_BUS" => removed successfully
BTATH_BUS => service removed successfully
"HKLM\System\CurrentControlSet\Services\BTATH_HCRP" => removed successfully
BTATH_HCRP => service removed successfully
"HKLM\System\CurrentControlSet\Services\BTATH_LWFLT" => removed successfully
BTATH_LWFLT => service removed successfully
"HKLM\System\CurrentControlSet\Services\BTATH_RCP" => removed successfully
BTATH_RCP => service removed successfully
"HKLM\System\CurrentControlSet\Services\BTATH_VDP" => removed successfully
BTATH_VDP => service removed successfully
"HKLM\System\CurrentControlSet\Services\BtFilter" => removed successfully
BtFilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
C:\Users\SONY\AppData\LocalLow\RewindApp => moved successfully
C:\Users\SONY\AppData\LocalLow\HermesInteractive => moved successfully
C:\Users\SONY\AppData\LocalLow\GameChanger Studio => moved successfully
C:\Users\SONY\AppData\LocalLow\Picaresque Studio => moved successfully
C:\Users\SONY\Downloads\[torviet.com].Sky.Force.Anniversary-TiNYiSO.torrent => moved successfully
C:\Users\SONY\AppData\LocalLow\Northplay => moved successfully
C:\Users\SONY\AppData\Roaming\com.filament.cps => moved successfully
C:\Users\SONY\AppData\LocalLow\Mana Games => moved successfully
C:\Users\SONY\AppData\Roaming\Click_Raid => moved successfully
C:\Users\SONY\AppData\Local\DungeonSouls => moved successfully
C:\Users\SONY\AppData\LocalLow\Pixel Prototype LLC => moved successfully
C:\Users\SONY\Documents\AutomaticSolution Software => moved successfully
C:\Users\SONY\AppData\LocalLow\William Cheek => moved successfully
C:\Users\SONY\AppData\LocalLow\WolfshipGames => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========

C:\tr => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14730367 B
Java, Flash, Steam htmlcache => 3562796 B
Windows/system/drivers => 240165 B
Edge => 0 B
Chrome => 13971157 B
Firefox => 595565291 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83993 B
systemprofile32 => 125328 B
LocalService => 0 B
NetworkService => 0 B
SONY => 21720495 B

RecycleBin => 0 B
EmptyTemp: => 619.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:19:55 ====


Edited by rogp10, 07 February 2018 - 05:22 AM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 07 February 2018 - 10:26 AM

Those results look good.

I need to follow up on one thing in the Fixlist I posted. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
Folder: C:\FRST\Quarantine\C\tr
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 07 February 2018 - 08:16 PM

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by SONY (08-02-2018 08:08:20) Run:3
Running from C:\Users\SONY\Downloads\Programs
Loaded Profiles: SONY (Available Profiles: SONY)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\FRST\Quarantine\C\tr

*****************


========================= Folder: C:\FRST\Quarantine\C\tr ========================

2017-09-29 02:11 - 2017-09-29 02:11 - 000016840 ____A [61EB18B9E5FA7249CA9DFE8F04138BF] () C:\FRST\Quarantine\C\tr\maint.log

====== End of Folder: ======
 


Edited by rogp10, 07 February 2018 - 08:17 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 07 February 2018 - 08:19 PM

Thank you.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and, if there are any you want to keep, stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Analysis log
  • How is your computer running?

Edited by Oh My!, 08 February 2018 - 09:56 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 10 February 2018 - 05:32 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 12 February 2018 - 09:37 AM

ESET OnlineScan found nothing.

 

Here is the log from RGSA:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 31st January, 2018
Running from:C:\Users\SONY\Downloads\Programs (21:28:42 - 02/12/2018)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled
Internet Explorer 9.0.8112.16421 ==> is out of Date
Default Browser: D:\Program Files (x86)\Mozilla Firefox\firefox.exe
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (26.0.0.151) ==> is out of Date
Google Chrome (63.0.3239.132)
Java (7.0.10) ==> is out of Date
Malwarebytes (3.3.1.2183)

***----------------Analysis Complete-------------------------***

 

I might have found where these two processes come from, but the slowness is hard to replicate.


Edited by rogp10, 12 February 2018 - 09:38 AM.
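The RGSA report above summarises which antivirus products are registered and whether the firewall is on. As an added example (not part of the thread, and not code from RGSA or FRST), the following PowerShell reads the same facts directly from Windows Security Center and from the firewall service. It needs PowerShell 3.0 or later for Get-CimInstance (Windows 7 requires the Windows Management Framework update), and the productState bit decoding it uses is the widely used unofficial interpretation rather than a documented contract, so treat that part as an assumption.

```powershell
# Added example (not from the thread or from RGSA): read antivirus registration and
# firewall profile state from Windows itself. Built-in cmdlets only.

function Get-RegisteredAntivirus {
    # Security Center keeps one AntiVirusProduct row per registered AV engine, so a
    # product that was reinstalled can appear twice, as Avast does in the RGSA log above.
    # productState is a bit field. The decoding below (bit 0x1000 = real-time protection
    # enabled, bit 0x10 = definitions out of date) is the common unofficial reading and is
    # an assumption, not a documented Microsoft contract.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Product  = $_.displayName
                Enabled  = [bool]($state -band 0x1000)
                UpToDate = -not [bool]($state -band 0x10)
                StateHex = ('0x{0:X6}' -f $state)
                ExePath  = $_.pathToSignedProductExe
            }
        }
}

function Get-FirewallProfileState {
    # The fixlog earlier in the thread ran "netsh advfirewall set allprofiles state ON";
    # this reads the resulting per-profile state back and parses netsh's text output.
    $out = netsh advfirewall show allprofiles state
    $profile = $null
    foreach ($line in $out) {
        if ($line -match '^(\w+) Profile Settings:') {
            $profile = $Matches[1]
        }
        elseif ($profile -and $line -match '^State\s+(\w+)') {
            [pscustomobject]@{ Profile = $profile; State = $Matches[1] }
            $profile = $null
        }
    }
}

Get-RegisteredAntivirus  | Format-Table -AutoSize
Get-FirewallProfileState | Format-Table -AutoSize
```

A product shown as registered but not Enabled, or a profile whose State is OFF, is the thing to follow up on; RGSA's "Disabled - up to Date" lines for Avast and Windows Defender are exactly this view of the data.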


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 12 February 2018 - 10:36 AM

Thank you for the information.

What information do you have about the processes?

We need to update some programs to close potential security issues. Please do this.

===================================================

Please update Internet Explorer via this link.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck optional offers
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click on the FlashPlayer icon on your Desktop and allow the installer to run
  • When completed click Finish
===================================================

Updating Java Using Internet Explorer

-------------------

Note: Use Internet Explorer for these steps.
  • Click Start, type Internet Explorer, then hit Enter
  • Copy and paste http://java.com/en/download/testjava.jsp in the address bar then hit Enter
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Click Run
  • Click Install
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Processes?
  • Updates?
  • Computer performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 12 February 2018 - 08:43 PM

One of them is DllHost.exe /Processid:{78FD0120-D39C-45D8-A9BE-2B802B3C23E5}.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:30 AM

Posted 13 February 2018 - 09:55 AM

That is a legitimate process hosting .dll files. I don't see any malicious .dll files on your computer so I believe it is not indicative of malware.

Did the updates go OK?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
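The check behind Gary's answer can be made concrete: a dllhost.exe surrogate only hosts whatever COM class its /Processid: CLSID points to, so resolving that CLSID in the registry tells you which DLL is actually running and whether it is signed. The PowerShell below is an added example, not code from the thread or from any of the tools used in it; it assumes a normal Windows COM registration (InprocServer32 under HKCR\CLSID, with 32-bit classes under Wow6432Node) and uses only built-in cmdlets. The CLSID in the usage line is the one rogp10 reported in post #13.

```powershell
# Added example (not from the thread, FRST or ESET): map a dllhost.exe /Processid:{CLSID}
# surrogate to the COM DLL it hosts and check that DLL's Authenticode signature.
# Run from an elevated PowerShell prompt.

function Resolve-DllHostClsid {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')]
        [string]$Clsid
    )

    # A COM surrogate loads the DLL registered under HKCR\CLSID\{...}\InprocServer32.
    # The 32-bit surrogate (SysWOW64\dllhost.exe, as in the first post) reads the
    # WOW6432Node view, so both locations are checked.
    $candidates = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid",
        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid"
    )
    $found = $false
    foreach ($key in $candidates) {
        if (-not (Test-Path $key)) { continue }
        $props  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $server = (Get-ItemProperty -Path "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if (-not $server) { continue }
        $found = $true

        # InprocServer32 is often REG_EXPAND_SZ (%SystemRoot%\...), so expand it before use.
        $path   = [Environment]::ExpandEnvironmentVariables($server)
        $exists = Test-Path -LiteralPath $path
        $status = 'FileNotFound'
        $signer = $null
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Clsid           = $Clsid
            Name            = $props.'(default)'
            AppId           = $props.AppID
            RegistryKey     = $key
            DllPath         = $path
            Exists          = $exists
            SignatureStatus = $status
            Signer          = $signer
        }
    }
    if (-not $found) {
        Write-Warning "No InprocServer32 registration found for $Clsid"
    }
}

function Get-DllHostSurrogates {
    # Enumerate every running dllhost.exe, pull its /Processid:{...} argument and resolve it.
    Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        if ($_.CommandLine -match '(?i)/Processid:(\{[0-9A-F-]{36}\})') {
            Resolve-DllHostClsid -Clsid $Matches[1] |
                Add-Member -NotePropertyName Pid -NotePropertyValue $_.ProcessId -PassThru
        }
    }
}

# The CLSID quoted in post #13:
Resolve-DllHostClsid -Clsid '{78FD0120-D39C-45D8-A9BE-2B802B3C23E5}' | Format-List

# Or check every surrogate currently running:
Get-DllHostSurrogates | Format-Table Pid, Name, DllPath, SignatureStatus -AutoSize
```

A result whose DllPath sits under C:\Windows\System32 (or SysWOW64) with SignatureStatus Valid and a Microsoft signer is the ordinary case Gary describes; the entries worth a closer look are a DLL in a user-writable location, a NotSigned or HashMismatch status, or a CLSID with no registration at all.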

#15 rogp10

rogp10
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 13 February 2018 - 11:32 AM

Both updates are successfully applied.


Edited by rogp10, 13 February 2018 - 11:33 AM.




