Sluggish PC - W32/Expiro suspected

This topic is locked
2 replies to this topic

#1 rogp10 (Members, 15 posts)

Posted 15 July 2018 - 05:02 AM

I found this process in Task Manager when my Windows comp ran slowly:

C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}


Expiro scanner from KIS found nothing.


Here is the FRST log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by SONY (administrator) on SONY-VAIO (15-07-2018 14:01:14)
Running from C:\Users\SONY\Downloads\Programs
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() D:\unikey42RC4-140823-win64\UniKeyNT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(f.lux Software LLC) C:\Users\SONY\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-03-15] (Synaptics Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [f.lux] => C:\Users\SONY\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-04] (f.lux Software LLC)
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2017-06-09] (Tonec Inc.)
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [UniKey] => D:\unikey42RC4-140823-win64\UniKeyNT.exe [521216 2014-08-23] ()
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Run: [DAEMON Tools Lite] => d:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_Plugin.exe [1348096 2018-02-13] (Adobe Systems Incorporated)
BootExecute: autocheck ndefrgautocheck autochk *
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-04-02] ()
Winsock: Catalog5-x64 10 C:\Windows\system32\PrxerNsp.dll [56936 2012-04-02] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3C74E63A-A862-40B3-8754-AAE95BCA783E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3C74E63A-A862-40B3-8754-AAE95BCA783E}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3111776467-951520387-2511800582-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3111776467-951520387-2511800582-1001 -> DefaultScope {A58E2B75-7700-469B-84C9-F1C1352D8E5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYADF&pc=MASP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3111776467-951520387-2511800582-1001 -> {A58E2B75-7700-469B-84C9-F1C1352D8E5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYADF&pc=MASP&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-07] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-13] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-07] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-13] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jlsbc49a.default
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ms0789fe.default [2018-07-15]
FF NetworkProxy: Mozilla\Firefox\Profiles\jlsbc49a.default -> backup.ftp", "0.0.0.0"
FF Extension: (Multi-Account Containers) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\@testpilot-containers.xpi [2017-11-18] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-29] [Legacy]
FF Extension: (Tampermonkey) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\firefox@tampermonkey.net.xpi [2018-06-16]
FF Extension: (Toggle animated GIFs) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\giftoggle@simonsoftware.se.xpi [2018-03-14] [Legacy]
FF Extension: (HTTPS Everywhere) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\https-everywhere@eff.org.xpi [2018-06-22]
FF Extension: (Image and Flash Blocker) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\imgflashblocker@shimon.chohen.xpi [2017-09-14] [Legacy]
FF Extension: (Proxy Switcher) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid0-hjBdm7jJii7llLkqacvGnd3gHge@jetpack.xpi [2017-11-19] [Legacy]
FF Extension: (Google search link fix) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-09-10]
FF Extension: (Flash Block (Plus)) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2017-09-14]
FF Extension: (No More Blogger Redirect) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-oCwaAvW4FzkA5w@jetpack.xpi [2017-09-13] [Legacy]
FF Extension: (Strict Pop-up Blocker) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2017-12-29] [Legacy]
FF Extension: (Redirector) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\redirector@einaregilsson.com.xpi [2017-11-25]
FF Extension: (Tab Groups) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\tabgroups@quicksaver.xpi [2018-01-28] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\uBlock0@raymondhill.net.xpi [2018-06-30]
FF Extension: (Session Manager) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-10-31] [Legacy]
FF Extension: (Popup Blocker Ultimate) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2018-03-31] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\jlsbc49a.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-11-14] [Legacy]
FF HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-06-08]
FF HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SONY\AppData\Roaming\IDM\idmmzcc5 [2017-09-10] [Legacy] [not signed]
FF HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-13] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-13] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default [2018-03-14]
CHR Extension: (Presentation) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-12]
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-16]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-16]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-16]
CHR Extension: (Spreadsheet) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-12]
CHR Extension: (IDM Integration Module) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-03-14]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-08]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-08] () [File not signed]
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S4 MBAMService; d:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (The OpenVPN Project)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2017-09-13] (Disc Soft Ltd)
S2 EnergyDriver; C:\Program Files\Intel\Power Gadget 3.5\EnergyDriver.sys [18544 2017-08-02] () [File not signed]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-12 23:26 - 2018-07-12 23:26 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Artem Kotov
2018-07-12 22:34 - 2018-07-12 22:54 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-12 22:34 - 2018-07-12 22:34 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4172B693.sys
2018-07-12 22:34 - 2018-07-12 22:34 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-07-07 15:59 - 2018-07-07 15:59 - 000001922 _____ C:\Windows\system32\ndefrg.fls
2018-07-07 15:59 - 2017-08-25 14:21 - 000114272 _____ (Auslogics) C:\Windows\system32\ndefrg.exe
2018-07-04 16:25 - 2018-07-04 16:26 - 000000000 ____D C:\Windows\LastGood
2018-06-19 09:23 - 2018-06-19 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-06-19 09:11 - 2018-06-19 09:11 - 000000000 ____D C:\Python33
2018-06-19 09:11 - 2018-06-19 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3
2018-06-16 12:11 - 2018-06-16 12:32 - 000000000 ____D C:\Users\SONY\AppData\Roaming\discord
2018-06-16 12:11 - 2018-06-16 12:11 - 000002117 _____ C:\Users\SONY\Desktop\Discord.lnk
2018-06-16 12:11 - 2018-06-16 12:11 - 000000000 ____D C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-06-16 12:11 - 2018-06-16 12:11 - 000000000 ____D C:\Users\SONY\AppData\Local\Discord
2018-06-16 12:10 - 2018-06-16 12:11 - 000000000 ____D C:\Users\SONY\AppData\Local\SquirrelTemp
2018-06-16 02:03 - 2018-06-16 02:03 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\JointVentures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-15 14:01 - 2018-02-03 10:26 - 000000000 ____D C:\FRST
2018-07-15 14:01 - 2017-09-10 23:33 - 000000000 ____D C:\Users\SONY\AppData\Roaming\DMCache
2018-07-15 13:58 - 2017-09-10 17:59 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mozilla
2018-07-15 13:55 - 2018-02-08 20:18 - 000000000 ____D C:\Users\SONY\AppData\Local\CrashDumps
2018-07-15 12:41 - 2017-09-16 17:02 - 000000000 ____D C:\Users\SONY\AppData\Roaming\vlc
2018-07-13 19:05 - 2017-09-10 23:33 - 000000000 ____D C:\Users\SONY\AppData\Roaming\IDM
2018-07-13 17:38 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\Registration
2018-07-12 22:35 - 2017-12-09 08:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-10 18:34 - 2009-07-14 12:13 - 000799256 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-10 18:34 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-07-10 12:23 - 2017-12-08 23:11 - 000002036 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-09 23:54 - 2017-09-29 02:12 - 000000000 ____D C:\Program Files\Recuva
2018-07-09 23:51 - 2018-03-05 10:42 - 000000000 ____D C:\test
2018-07-08 22:45 - 2017-10-15 04:32 - 000000000 ____D C:\video
2018-07-04 14:57 - 2017-09-10 17:02 - 000000000 ____D C:\Users\SONY
2018-07-04 14:47 - 2017-09-10 23:41 - 000000000 ____D C:\games
2018-06-28 13:43 - 2009-07-14 11:45 - 000020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-28 13:43 - 2009-07-14 11:45 - 000020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-28 13:36 - 2017-09-11 06:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-28 12:57 - 2017-09-23 13:40 - 000000000 ____D C:\Users\SONY\Documents\My Games
2018-06-27 11:29 - 2017-09-24 02:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-06-27 11:11 - 2017-09-24 02:27 - 000000000 ____D C:\GOG Games
2018-06-16 12:48 - 2017-10-28 22:43 - 000002363 _____ C:\Users\SONY\Documents\fastssh.tlp

==================== Files in the root of some directories =======

2017-09-10 17:09 - 2017-09-10 17:09 - 000000017 _____ () C:\Users\SONY\AppData\Local\resmon.resmoncfg
2017-10-24 14:55 - 2017-10-24 14:55 - 000000003 _____ () C:\Users\SONY\AppData\Local\updater.log
2017-10-24 14:55 - 2017-10-24 14:58 - 000000059 _____ () C:\Users\SONY\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 04:07

==================== End of FRST.txt ============================


And here is the Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by SONY (15-07-2018 14:02:48)
Running from C:\Users\SONY\Downloads\Programs
Windows 7 Home Premium Service Pack 1 (X64) (2017-09-10 10:02:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3111776467-951520387-2511800582-500 - Administrator - Disabled)
Guest (S-1-5-21-3111776467-951520387-2511800582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3111776467-951520387-2511800582-1002 - Limited - Enabled)
SONY (S-1-5-21-3111776467-951520387-2511800582-1001 - Administrator - Enabled) => C:\Users\SONY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C1DA63E-3B80-46B5-64CC-8BE27A0C3FB4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
CLUE Classic (HKLM-x32\...\CLUE Classic1.0) (Version: 1.0 - Adnan_Boy 2008)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
Everyday Genius. Square Logic (HKLM-x32\...\Everyday Genius. Square Logic) (Version: 1.0 - GameHouse)
Evochron Mercenary (HKLM-x32\...\Evochron Mercenary_is1) (Version:  - StarWraith 3D Games LLC)
f.lux (HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\Flux) (Version:  - f.lux Software LLC)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (3.0.2) (HKLM-x32\...\Gpg4win) (Version: 3.0.2 - The Gpg4win Project)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KUx86 (HKLM-x32\...\{6FD21053-829D-40E7-B04C-CAFB7D5CD025}) (Version: 1.0.0 - Sony Corporation ) Hidden
Microsoft .NET Framework 4 Extended 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Extended CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 繁體中文語言套件 (HKLM\...\Microsoft .NET Framework 4 Extended CHT Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-4e4e345d-37c8-45f3-9fe2-00529cac5340) (Version:  - Epic Games, Inc.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.4.4-I601  (HKLM\...\OpenVPN) (Version: 2.4.4-I601 - OpenVPN Technologies, Inc.)
Order of Battle World War II Sandstorm (HKLM-x32\...\Order of Battle World War II Sandstorm_is1) (Version:  - )
Proxifier version 3.15 (HKLM-x32\...\Proxifier_is1) (Version: 3.15 - Initex)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Puzzle Quest (HKLM-x32\...\Puzzle Quest1.01) (Version: 1.01 - Infinite Interactive)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
PYV_x86 (HKLM-x32\...\{E6757A5B-EE7E-4D72-82B7-D1B2991DF55E}) (Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\1445250539_is1) (Version: 2.0.0.6 - GOG.com)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.0 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{5156C9BF-1C27-430B-96D8-7129F11699A8}) (Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VCCx64 (HKLM\...\{549AD5FB-F52D-4307-864A-C0008FB35D96}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}) (Version: 1.0.0 - Sony Corporation) Hidden
VHD (HKLM-x32\...\{DB1A3EA7-0C25-4BEC-A108-176195190369}) (Version: 1.0.0 - Microsoft) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMLx86 (HKLM-x32\...\{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}) (Version: 1.0.0 - Sony Corporation) Hidden
VMware ThinApp (HKLM-x32\...\{1EA24558-44FD-4907-A6BA-307D83EFE8C4}) (Version: 4.7.7101 - VMware, Inc.)
VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
VU5x86 (HKLM-x32\...\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}) (Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3111776467-951520387-2511800582-1001\...\WinDirStat) (Version:  - )
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
حزمة اللغة العربية الموسعة لـ Microsoft .NET Framework 4 (HKLM\...\Microsoft .NET Framework 4 Extended ARA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => d:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E09E2F-309C-482E-9BDD-048A4CA24607} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
Task: {2044FB36-DD50-425D-BD51-C4E8B60C3349} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-12] (Google Inc.)
Task: {29B1D960-F345-4AFD-9163-E49B404FA55F} - System32\Tasks\{A5EFD92C-11CD-46BD-971B-1D3F6DDF2F29} => C:\Windows\system32\pcalua.exe -a C:\Users\SONY\Downloads\Programs\dotnetfx35.exe -d C:\Users\SONY\AppData\Roaming\IDM
Task: {43A1649D-DC45-4124-AC2B-A035B1CF71C2} - System32\Tasks\{EB9A4798-0743-454F-B2BF-F38511E8DCB9} => C:\Windows\system32\pcalua.exe -a F:\Launch.exe -d F:\
Task: {7CF0FCAD-88F6-448E-8598-8C83701CB4D1} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3111776467-951520387-2511800582-1001 => C:\Users\SONY\AppData\Local\MEGAsync\MEGAupdater.exe [2017-10-19] (Mega Limited)
Task: {804F2A76-98A4-4CA9-BCF8-1A25644B7B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-12] (Google Inc.)
Task: {9037E793-17A4-46CA-A474-C60CB68CE1D4} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {983D8BF3-B63B-4251-8F6E-EEE9C9BE0B37} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {CE6EB8DC-C0B1-476E-936D-3D02044B8E16} - System32\Tasks\update-S-1-5-21-3111776467-951520387-2511800582-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {D31B399E-EF82-4957-B862-DE2FBFEE4354} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-08] (Sony Corporation)
Task: {D71012F5-2C93-44BB-A250-F326A19FBF9C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-08] (Sony Corporation)
Task: {E85E190A-0C1E-485F-AEC5-A30C4A5470D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3111776467-951520387-2511800582-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-19 04:51 - 2017-10-19 04:51 - 000598528 _____ () C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX64.dll
2018-03-19 06:40 - 2018-03-19 06:40 - 000230064 _____ () d:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-29 21:44 - 2014-08-23 16:24 - 000521216 _____ () D:\unikey42RC4-140823-win64\UniKeyNT.exe
2017-10-19 04:58 - 2017-10-19 04:58 - 000570368 _____ () C:\Users\SONY\AppData\Local\MEGAsync\ShellExtX32.dll
2017-09-11 06:15 - 2012-03-08 08:57 - 000021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:48F18D98 [266]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2018-06-23 12:17 - 000001050 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0      redshell.io
0.0.0.0      api.redshell.io
0.0.0.0      treasuredata.com
0.0.0.0      in.treasuredata.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3111776467-951520387-2511800582-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: cvhsvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: LanmanServer => 3
MSCONFIG\Services: LanmanWorkstation => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: NetMsmqActivator => 3
MSCONFIG\Services: NetPipeActivator => 3
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: OpenVPNServiceLegacy => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 2
MSCONFIG\Services: sftlist => 2
MSCONFIG\Services: sftvsa => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TimeTrexApache => 2
MSCONFIG\Services: TimeTrexPostgreSQL => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: VcmINSMgr => 3
MSCONFIG\Services: VcmXmlIfHelper => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSNService => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^Users^SONY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Guard.lnk => C:\Windows\pss\Guard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\SONY\AppData\Local\Discord\app-0.0.301\Discord.exe --start-minimized
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Trend Micro Titanium => "C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" -ReFlush "none" "none"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2123BFC2-85C6-4656-A33D-57372EBC9521}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{20A12048-7192-4FD9-86DB-C658645772CF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{23B9507E-6F64-48C0-8FFE-0EE61A36602F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{994C6191-4583-416B-BDCF-CEE82E4E6DF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5C65E05E-0A7D-46F6-A36F-43A54B3D3B2E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{AE7EE3FE-312C-4E15-B8F8-D8E34B362031}C:\users\sony\appdata\local\temp\evbf562.tmp] => (Block) C:\users\sony\appdata\local\temp\evbf562.tmp
FirewallRules: [UDP Query User{19357143-AAA3-424D-9995-DE6D8FA7F9B6}C:\users\sony\appdata\local\temp\evbf562.tmp] => (Block) C:\users\sony\appdata\local\temp\evbf562.tmp
FirewallRules: [TCP Query User{961C895F-CC2C-421A-B6B2-E591792C5CD7}C:\users\sony\appdata\local\temp\evbf533.tmp] => (Block) C:\users\sony\appdata\local\temp\evbf533.tmp
FirewallRules: [UDP Query User{A06B0365-5118-42F8-9AEB-FFF362AB7040}C:\users\sony\appdata\local\temp\evbf533.tmp] => (Block) C:\users\sony\appdata\local\temp\evbf533.tmp
FirewallRules: [TCP Query User{DE3626C0-BAAD-4BD6-B6D6-65E502F63AD1}C:\users\sony\appdata\local\temp\evb125.tmp] => (Block) C:\users\sony\appdata\local\temp\evb125.tmp
FirewallRules: [UDP Query User{EF1722B0-AC29-4930-9777-F3C432E6AD0B}C:\users\sony\appdata\local\temp\evb125.tmp] => (Block) C:\users\sony\appdata\local\temp\evb125.tmp


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2018 02:15:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2018 01:44:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/01/2018 03:21:37 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-HK\MSFEEDS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:37 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-HK\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\TH-TH\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\TH-TH\MSFEEDS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-CN\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ZH-CN\MSFEEDS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AR-SA\MSFEEDSBS.MFL while recovering .MOF file marked with autorecover.

Error: (02/01/2018 03:21:31 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AR-SA\MSFEEDS.MFL while recovering .MOF file marked with autorecover.


System errors:
=============


CodeIntegrity:
===================================
  Date: 2018-01-30 20:56:03.797
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-30 20:56:03.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 4066.36 MB
Available physical RAM: 2774.45 MB
Total Virtual: 8160.54 MB
Available Virtual: 6503.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.82 GB) (Free:24.24 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:432.44 GB) (Free:70.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E547C7E0)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=432.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 PM

Posted 18 July 2018 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

I found this process in Task Manager when my Windows comp ran slowly:
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}


This is a valid program that is required to run at startup.
https://www.bleepingcomputer.com/startups/dllhost.exe-25641.html
===


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys

CMD:  net start winmgmt

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======
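A read-only PowerShell check, added here as an example and not part of nasdaq's reply or of FRST itself, that reproduces the condition the fixlist acts on: FRST marks a service or driver with [X] when its registered binary no longer exists (the ZAM and ACDaemon entries above), and "Check winmgmt service or repair WMI" means its WMI query failed. It assumes an elevated 64-bit PowerShell prompt on the affected machine and changes nothing.

```powershell
# Added example, not from the thread or from FRST. Lists services and drivers
# whose ImagePath points at a missing file (FRST's [X]) and reports the state
# of the winmgmt service that the fixlist restarts with "net start winmgmt".
# Run from an elevated 64-bit PowerShell so every Services subkey is readable.

function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    # Drivers are often registered with NT object-manager prefixes
    # (FRST shows them verbatim, e.g. \??\C:\Windows\System32\drivers\zam64.sys)
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p.StartsWith('"')) {
        # Quoted path: keep the quoted part only, arguments follow the closing quote
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted path: cut any arguments after the first .exe/.sys/.dll token
        $m = [regex]::Match($p, '^(.+?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    # "system32\drivers\foo.sys" style entries are relative to %SystemRoot%
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedServices {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }   # skip this entry
        $file = Resolve-ImagePath -ImagePath $props.ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled (FRST's S0..S4)
                Type      = $props.Type    # 1/2 = kernel or file-system driver, 16/32 = Win32 service
                ImagePath = $props.ImagePath
                Resolved  = $file
            }
        }
    }
}

function Get-WmiServiceState {
    # "Check winmgmt service or repair WMI" under Restore Points means FRST
    # could not query WMI; the fixlist's "CMD: net start winmgmt" addresses that.
    $svc = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
    if (-not $svc) { return 'missing' }
    return $svc.Status.ToString()
}

Get-OrphanedServices | Sort-Object Start | Format-Table -AutoSize
"winmgmt service: $(Get-WmiServiceState)"
```

Entries with Start 0 or 1 and a missing driver file are the ones worth attention first, since the kernel tries to load them at boot, which is why the fixlist removes ZAM and ZAM_Guard rather than leaving them registered.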

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 PM

Posted 24 July 2018 - 07:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



