olbo_stuff

  1. Zemana AntiMalware 2.30.2.75 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/9/12 Operating System : Windows 10 64-bit Processor : 2X Intel(R) Pentium(R) CPU 987 @ 1.50GHz BIOS Mode : UEFI CUID : 12B480DA8846E6262BBBFD Scan Type : Deep Scan Duration : 88m 28s Scanned Objects : 311352 Detected Objects : 32 Excluded Objects : 0 Read Level : SCSI Auto Upload : Disabled Detect All Extensions : Enabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Internet Explorer Search Status : Scanned Object : 百度 - http://baidu.com MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Internet Explorer Search Internet Explorer Search Status : Scanned Object : 谷歌 - http://google.cn MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Internet Explorer Search IDM integration Status : Scanned Object : %programfiles%\internet download manager\idmmzcc2.xpi MD5 : 7319EDC74D9669E64AC5A719C6605706 Publisher : - Size : 30345 Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - IDM integration File - %programfiles%\internet download manager\idmmzcc2.xpi Default Status : Scanned Object : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi MD5 : C04379738E3FF06EA16A458584926CF6 Publisher : - Size : 4869 Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Default File - %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi Firefox Hello Beta Status : Scanned Object : %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi MD5 : A419392CEDF0CB2348EBF889E72F3753 Publisher : - Size : 
1582919 Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Firefox Hello Beta File - %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi IDM Integration Module Status : Scanned Object : %programfiles%\internet download manager\idmgcext.crx MD5 : 9C97A41F342EFC1FC23F9623B1BD32D2 Publisher : - Size : 66997 Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - IDM Integration Module File - %programfiles%\internet download manager\idmgcext.crx jeaohhlajejodfjadcponpnjgkiikocn Status : Scanned Object : %programfiles%\internet download manager\idmgcext.crx MD5 : 9C97A41F342EFC1FC23F9623B1BD32D2 Publisher : - Size : 66997 Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - jeaohhlajejodfjadcponpnjgkiikocn File - %programfiles%\internet download manager\idmgcext.crx Chrome Media Router Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Chrome Media Router Gmail Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Gmail Chrome Web Store Payments Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Chrome Web Store Payments IDM Integration Module Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\ngpampappnmepgilojfohadhhmbhlaek MD5 : - Publisher : - Size : - Version : - Detection 
: Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - IDM Integration Module Google Docs Offline Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Google Docs Offline Google Sheets Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Google Sheets YouTube Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - YouTube Google Drive Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Google Drive Google Docs Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Google Docs Google Slides Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Related Objects : Browser Extension - Google Slides Adware:BAT/Generic-DJ!Intr Status : Scanned Object : %systemroot%\system32\tasks\gohfet|c:\progra~1\shoppe~1\acifa.bat MD5 : - Publisher : - Size : - Version : - Detection : Unwanted Batch File Cleaning Action : 
Delete Related Objects : Scheduled Task - C:\WINDOWS\System32\Tasks\Gohfet arturia_moog_modularv_v2.x_keyen.exe Status : Scanned Object : %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.moog.modular.v.vsti.rtas.v2.5.incl.keygen-air\arturia_moog_modularv_v2.x_keyen.exe MD5 : FE2E46585DDF6D6475CDCD50303E0D92 Publisher : - Size : 7515648 Version : - Detection : Malware:Win32/Generic!Raee Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.moog.modular.v.vsti.rtas.v2.5.incl.keygen-air\arturia_moog_modularv_v2.x_keyen.exe arturia_jupiter8v_v2.x_keygen.exe Status : Scanned Object : %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.jupiter8.v.vsti.rtas.v2.0.incl.keygen-air\arturia_jupiter8v_v2.x_keygen.exe MD5 : A7B1B28190637E808BCC355329C1F390 Publisher : - Size : 7161344 Version : - Detection : Malware:Win32/Generic!Mlte Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.jupiter8.v.vsti.rtas.v2.0.incl.keygen-air\arturia_jupiter8v_v2.x_keygen.exe arturia_brass_v2.x_keygen.exe Status : Scanned Object : %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.brass.vsti.rtas.v2.0.5.incl.keygen-air\arturia_brass_v2.x_keygen.exe MD5 : 244A3B567673A8AF853BA31D29BF14B4 Publisher : - Size : 7529984 Version : - Detection : Malware:Win32/Generic!Ieak Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.brass.vsti.rtas.v2.0.5.incl.keygen-air\arturia_brass_v2.x_keygen.exe mdi164.dll Status : Scanned Object : %temp%\mdi164.dll MD5 : 03723CEA977FC5E6CE1E15FB29B34AC3 Publisher : - Size : 1495040 Version : - Detection : RiskTool:Win32/BitCoinMiner Cleaning Action : Quarantine Related Objects : File - %temp%\mdi164.dll 
DLL - 4612 - C:\Windows\SysWOW64\rundll32.exe Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\tsiVideo = C:\WINDOWS\SysWOW64\rundll32.exe C:\Users\sonny\AppData\Local\Temp\mdi164.dll,fwnewsdf SppExtComObjHook.dll Status : Scanned Object : %systemroot%\system32\sppextcomobjhook.dll MD5 : A1BFB666F2FD085567FD7F10AA9EE0EB Publisher : - Size : 15360 Version : - Detection : PUA:Win32/HackTool.Gen Cleaning Action : Quarantine Related Objects : File - %systemroot%\system32\sppextcomobjhook.dll SppExtComObjPatcher.exe Status : Scanned Object : %systemroot%\system32\sppextcomobjpatcher.exe MD5 : 0BF6FC2387197DF2142EB9709AE74D55 Publisher : WZT Size : 8336 Version : - Detection : Adware:Win32/AutoBulk.c3eddc!Ep Cleaning Action : Quarantine Related Objects : File - %systemroot%\system32\sppextcomobjpatcher.exe SECOH-QAD.dll Status : Scanned Object : %systemroot%\secoh-qad.dll MD5 : 6D7FDBF9CEAC51A76750FD38CF801F30 Publisher : - Size : 3584 Version : - Detection : PUA:Win32/HackTool.Gen Cleaning Action : Quarantine Related Objects : File - %systemroot%\secoh-qad.dll mdi064.dll Status : Scanned Object : %temp%\mdi064.dll MD5 : 03723CEA977FC5E6CE1E15FB29B34AC3 Publisher : - Size : 1495040 Version : - Detection : RiskTool:Win32/BitCoinMiner Cleaning Action : Quarantine Related Objects : File - %temp%\mdi064.dll key.exe Status : Scanned Object : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$ronfrbk\key.exe MD5 : F452B429AAF8DDD22C863FA1E8B445EB Publisher : - Size : 59904 Version : - Detection : Malware:Win32/Cognito.A!Clti Cleaning Action : Quarantine Related Objects : File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$ronfrbk\key.exe key.exe Status : Scanned Object : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rjvtosc\key.exe MD5 : F452B429AAF8DDD22C863FA1E8B445EB Publisher : - Size : 59904 Version : - Detection : Malware:Win32/Cognito.A!Clti Cleaning Action : Quarantine 
Related Objects : File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rjvtosc\key.exe keygen-step-3.exe Status : Scanned Object : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-step-3.exe MD5 : D98926635EB31884DAB561A87E3FAAF2 Publisher : - Size : 688640 Version : - Detection : Adware:Win32/Obfus.A!Meic Cleaning Action : Quarantine Related Objects : File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-step-3.exe keygen-pr.exe Status : Scanned Object : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-pr.exe MD5 : 3A82E425E5086FD8072C5B1862B8906F Publisher : - Size : 1827316 Version : - Detection : Malware:Win32/Tamaca!Tter Cleaning Action : Quarantine Related Objects : File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-pr.exe keygen-pr.exe Status : Scanned Object : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-pr.exe MD5 : 3A82E425E5086FD8072C5B1862B8906F Publisher : - Size : 1827316 Version : - Detection : Malware:Win32/Tamaca!Tter Cleaning Action : Quarantine Related Objects : File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-pr.exe keygen-step-3.exe Status : Scanned Object : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-step-3.exe MD5 : D98926635EB31884DAB561A87E3FAAF2 Publisher : - Size : 688640 Version : - Detection : Adware:Win32/Obfus.A!Meic Cleaning Action : Quarantine Related Objects : File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-step-3.exe Cleaning Result ------------------------------------------------------- Cleaned : 32 Reported as safe : 0 Failed : 0 # AdwCleaner v6.010 - Logfile created 12/09/2016 at 19:06:28 # Updated on 12/08/2016 by ToolsLib # Database : 2016-09-11.2 [Server] # 
Operating System : Windows 10 Home Single Language (X64) # Username : sonny - ENERA # Running from : C:\Users\sonny\Downloads\Programs\AdwCleaner.exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\uninst ***** [ Files ] ***** [-] File deleted: C:\Users\sonny\AppData\Roaming\Mozilla\Firefox\Profiles\rn7e45hk.default\invalidprefs.js ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.bmp [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.dib [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.emf [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.exif [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.gif [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.ico [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jfif [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpe [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpeg [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpg [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.png [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.tif [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.tiff [-] Key deleted: HKLM\SOFTWARE\Classes\MTview.wmf [-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} [-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [-] Key deleted: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Reg\Clean [#] Key deleted on reboot: HKCU\Software\Reg\Clean [-] Key deleted: HKLM\SOFTWARE\Reg\Clean [-] Key deleted: HKCU\Software\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [3165 Bytes] - [12/09/2016 19:06:28] C:\AdwCleaner\AdwCleaner[S0].txt - [3316 Bytes] - [12/09/2016 18:58:39] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3311 Bytes] ########## # AdwCleaner v6.010 - Logfile created 12/09/2016 at 18:58:39 # Updated on 12/08/2016 by ToolsLib # Database : 2016-09-11.2 [Server] # Operating System : Windows 10 Home Single Language (X64) # Username : sonny - ENERA # Running from : C:\Users\sonny\Downloads\Programs\AdwCleaner.exe # Mode: Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** Folder Found: C:\uninst ***** [ Files ] ***** File Found: C:\Users\sonny\AppData\Roaming\Mozilla\Firefox\Profiles\rn7e45hk.default\invalidprefs.js ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. 
***** [ Registry ] ***** Key Found: HKLM\SOFTWARE\Classes\MTview.bmp Key Found: HKLM\SOFTWARE\Classes\MTview.dib Key Found: HKLM\SOFTWARE\Classes\MTview.emf Key Found: HKLM\SOFTWARE\Classes\MTview.exif Key Found: HKLM\SOFTWARE\Classes\MTview.gif Key Found: HKLM\SOFTWARE\Classes\MTview.ico Key Found: HKLM\SOFTWARE\Classes\MTview.jfif Key Found: HKLM\SOFTWARE\Classes\MTview.jpe Key Found: HKLM\SOFTWARE\Classes\MTview.jpeg Key Found: HKLM\SOFTWARE\Classes\MTview.jpg Key Found: HKLM\SOFTWARE\Classes\MTview.png Key Found: HKLM\SOFTWARE\Classes\MTview.tif Key Found: HKLM\SOFTWARE\Classes\MTview.tiff Key Found: HKLM\SOFTWARE\Classes\MTview.wmf Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} Key Found: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} Key Found: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Reg\Clean Key Found: HKCU\Software\Reg\Clean Key Found: HKLM\SOFTWARE\Reg\Clean Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am Key Found: HKCU\Software\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am ***** [ Web browsers ] ***** No malicious Firefox based browser items found. No malicious Chromium based browser items found. ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [3156 Bytes] - [12/09/2016 18:58:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3229 Bytes] ########## 2016-09-12 05:40:21.141 Sophos Virus Removal Tool version 2.5.6 2016-09-12 05:40:21.141 Copyright (c) 2009-2016 Sophos Limited. All rights reserved. 2016-09-12 05:40:21.141 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2016-09-12 05:40:21.141 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64 2016-09-12 05:40:21.157 Checking for updates... 2016-09-12 05:40:21.657 Update progress: proxy server not available 2016-09-12 05:40:52.675 Option all = no 2016-09-12 05:40:52.675 Option recurse = yes 2016-09-12 05:40:52.706 Option archive = no 2016-09-12 05:40:52.706 Option service = yes 2016-09-12 05:40:52.706 Option confirm = yes 2016-09-12 05:40:52.706 Option sxl = yes 2016-09-12 05:40:52.706 Option max-data-age = 35 2016-09-12 05:40:52.706 Option vdl-logging = yes 2016-09-12 05:40:52.706 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-09-12 05:40:52.706 Machine ID: 5610c4b7cf55486183edf6984366a0d1 2016-09-12 05:40:52.753 Component SVRTcli.exe version 2.5.6 2016-09-12 05:40:52.753 Component control.dll version 2.5.6 2016-09-12 05:40:52.753 Component SVRTservice.exe version 2.5.6 2016-09-12 05:40:52.753 Component engine\osdp.dll version 1.44.1.2252 2016-09-12 05:40:52.753 Component engine\veex.dll version 3.65.2.2252 2016-09-12 05:40:52.753 Component engine\savi.dll version 9.0.1.2252 2016-09-12 05:40:52.831 Component rkdisk.dll version 1.5.30.0 2016-09-12 05:40:52.831 Version info: Product version 2.5.6 2016-09-12 
05:40:52.831 Version info: Detection engine 3.65.2 2016-09-12 05:40:52.831 Version info: Detection data 5.31 2016-09-12 05:40:52.831 Version info: Build date 06/09/2016 2016-09-12 05:40:52.831 Version info: Data files added 172 2016-09-12 05:40:52.831 Version info: Last successful update (not yet updated) 2016-09-12 05:50:40.342 Downloading updates... 2016-09-12 05:50:40.358 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1 2016-09-12 05:50:40.358 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-09-12 05:50:40.358 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-09-12 05:50:40.358 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=] 2016-09-12 05:50:40.358 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I49502] sdds.data0910.xml: found supplement IDE532 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=] 2016-09-12 05:50:40.358 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE532 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE532 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product IDE532 LATEST path=] 2016-09-12 05:50:40.358 Update progress: [I95020] sdds.data0910.xml: looking for packages included from 
product IDE533 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=] 2016-09-12 05:50:40.358 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path= 2016-09-12 05:50:40.358 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-09-12 05:50:42.108 Update progress: [I19463] Syncing product SAVIW32 LATEST path= 2016-09-12 05:50:42.108 Update progress: [I19463] Product download size 151406551 bytes 2016-09-12 05:51:20.808 Update progress: [I19463] Syncing product IDE532 LATEST path= 2016-09-12 05:51:20.808 Update progress: [I19463] Product download size 1832805 bytes 2016-09-12 05:51:23.777 Update progress: [I19463] Syncing product IDE533 LATEST path= 2016-09-12 05:51:23.777 Update progress: [I19463] Product download size 384365 bytes 2016-09-12 05:51:24.370 Update progress: [I19463] Syncing product IDE534 LATEST path= 2016-09-12 05:51:24.433 Installing updates... 
2016-09-12 05:51:26.511 Error level 1 2016-09-12 05:52:06.562 Update successful 2016-09-12 05:52:23.038 Option all = no 2016-09-12 05:52:23.038 Option recurse = yes 2016-09-12 05:52:23.038 Option archive = no 2016-09-12 05:52:23.038 Option service = yes 2016-09-12 05:52:23.038 Option confirm = yes 2016-09-12 05:52:23.038 Option sxl = yes 2016-09-12 05:52:23.038 Option max-data-age = 35 2016-09-12 05:52:23.038 Option vdl-logging = yes 2016-09-12 05:52:23.069 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-09-12 05:52:23.069 Machine ID: 5610c4b7cf55486183edf6984366a0d1 2016-09-12 05:52:23.085 Component SVRTcli.exe version 2.5.6 2016-09-12 05:52:23.085 Component control.dll version 2.5.6 2016-09-12 05:52:23.085 Component SVRTservice.exe version 2.5.6 2016-09-12 05:52:23.085 Component engine\osdp.dll version 1.44.1.2252 2016-09-12 05:52:23.085 Component engine\veex.dll version 3.65.2.2252 2016-09-12 05:52:23.085 Component engine\savi.dll version 9.0.1.2252 2016-09-12 05:52:23.085 Component rkdisk.dll version 1.5.30.0 2016-09-12 05:52:23.085 Version info: Product version 2.5.6 2016-09-12 05:52:23.085 Version info: Detection engine 3.65.2 2016-09-12 05:52:23.085 Version info: Detection data 5.31 2016-09-12 05:52:23.085 Version info: Build date 06/09/2016 2016-09-12 05:52:23.085 Version info: Data files added 172 2016-09-12 05:52:23.085 Version info: Last successful update 12/09/2016 12:52:06 2016-09-12 06:26:47.154 Could not open C:\hiberfil.sys 2016-09-12 06:26:56.498 Could not open C:\pagefile.sys 2016-09-12 07:18:19.050 Could not open C:\swapfile.sys 2016-09-12 07:21:56.328 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:21:56.328 Could not open C:\System Volume Information\{7eb90976-7638-11e6-bf7b-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:21:56.343 Could not open C:\System Volume Information\{7eb9099d-7638-11e6-bf7b-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:21:56.343 
Could not open C:\System Volume Information\{837cdcb9-6d97-11e6-bf79-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:21:56.343 Could not open C:\System Volume Information\{a2c3c268-6874-11e6-bf77-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:21:56.343 Could not open C:\System Volume Information\{bd5ed4e6-77e0-11e6-bf7e-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:21:56.343 Could not open C:\System Volume Information\{bd5ed581-77e0-11e6-bf7e-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-09-12 07:23:15.516 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek 2016-09-12 07:23:15.516 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake 2016-09-12 07:23:15.516 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 2016-09-12 07:23:15.516 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 2016-09-12 07:23:15.516 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap 2016-09-12 07:23:15.532 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi 2016-09-12 07:23:15.532 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek 2016-09-12 07:23:15.532 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 2016-09-12 07:23:15.532 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 2016-09-12 07:23:15.532 Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm 
2016-09-12 07:39:30.687 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 2016-09-12 07:39:30.690 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 2016-09-12 07:39:39.331 Could not open C:\Windows\System32\config\BBI 2016-09-12 07:39:39.558 Could not open C:\Windows\System32\config\RegBack\DEFAULT 2016-09-12 07:39:39.568 Could not open C:\Windows\System32\config\RegBack\SAM 2016-09-12 07:39:39.570 Could not open C:\Windows\System32\config\RegBack\SECURITY 2016-09-12 07:39:39.600 Could not open C:\Windows\System32\config\RegBack\SOFTWARE 2016-09-12 07:39:39.612 Could not open C:\Windows\System32\config\RegBack\SYSTEM 2016-09-12 10:17:58.733 Could not check F:\Cataloque Product\Cegelec File\BECK UP SERVER\PT INDOKOMAS\REQUEST_TOOL\COMMISIONING P BALMER\E11 WS 304 TOOLS BOX ELECTRIK FACOM.xls (corrupt) 2016-09-12 10:17:59.186 Could not check F:\Cataloque Product\Cegelec File\BECK UP SERVER\PT INDOKOMAS\REQUEST_TOOL\CONOCO M0117 01\E12 WS 173 TOOLS BOX ELECTRIK.xls (corrupt) 2016-09-12 10:20:05.318 Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tool Box (BIH)\Standard Tool\TOOL BOX-2012.xls (corrupt) 2016-09-12 10:20:06.115 Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04 Storage ( 2008 )\TB C 04 TUNU 11.xls (corrupt) 2016-09-12 10:20:06.177 Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04 Storage ( 2008 )\TB C 04 WS 07.xls (corrupt) 2016-09-12 10:20:06.224 Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04 Storage ( 2008 )\TB C 04 WS 11.xls (corrupt) 2016-09-12 10:20:06.271 Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04 Storage ( 2008 )\TB C 04 WS I.xls (corrupt) 2016-09-12 10:20:06.318 Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box 
(BIH)\Tools Box C 04 Storage ( 2008 )\TB C 04 WS 24.xls (corrupt) 2016-09-12 11:02:55.425 >>> Virus 'Troj/Agent-AEEN' found in file F:\Software\Adobe\Adobe Illustrator CC 17.1 Final Multilanguage 
[ChingLiu]\crack\Adobe.CC.Anticloud.exe 2016-09-12 11:08:54.558 >>> Virus 'Troj/Agent-WFN' found in file F:\Software\PowerISO FULL 6.6 + Crack [TechTools.NET]\PowerISO FULL 6.6 + Crack [TechTools.NET]\Patch\poweriso.6.2.0.0-patch.exe 2016-09-12 11:09:06.998 >>> Virus 'Troj/Agent-WFN' found in file F:\Software\PowerISO FULL 6.6 + Crack [TechTools.NET]\PowerISO FULL 6.6 + Crack [TechTools.NET]\Patch\poweriso.6.2.0.0.patch-knd.zip 2016-09-12 11:29:19.171 The following items will be cleaned up: 2016-09-12 11:29:19.171 Troj/Agent-AEEN 2016-09-12 11:29:19.171 Troj/Agent-WFN
  2. Thanks for your reply .. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/09/2016 Scan Time: 10.51 Logfile: Malware.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.11.02 Rootkit Database: v2016.08.15.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 10 CPU: x64 File System: NTFS User: sonny Scan Type: Threat Scan Result: Completed Objects Scanned: 341610 Time Elapsed: 40 min, 49 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe, 8116, Delete-on-Reboot, [cf0fdb958c0e023432adfec47f84d729] Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 1 Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Files: 10 Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libcurl-4.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libiconv-2.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libidn-11.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libintl-8.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\msupdate.7z, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\msvcrt.dll, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\proxy.conf, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\zlib1.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by sonny (administrator) on ENERA (11-09-2016 13:05:39) Running from C:\Users\sonny\Downloads\Programs Loaded Profiles: sonny (Available Profiles: sonny) Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (BitTorrent Inc.) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Tonec Inc.) 
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-15] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [BitTorrent] => C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe [1930760 2016-03-05] (BitTorrent Inc.) HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIN2E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-06] (Piriform Ltd) HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3952696 2016-08-06] (Tonec Inc.) 
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [tsiVideo] => C:\Users\sonny\AppData\Local\Temp\mdi164.dll [1495040 2016-09-10] () <===== ATTENTION ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-27] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-27] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-27] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-27] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-27] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-27] (Microsoft Corporation) Startup: C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kirim ke OneNote.lnk [2016-02-28] ShortcutTarget: Kirim ke OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction 
<======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{9212291d-ca2e-4c08-8a9c-c722de3589c5}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/28 HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/28 HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?pc=UE01&ocid=UE01DHP SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001 -> {4AD43A14-AA87-4d4b-A345-B0BC1C61BC76} URL = hxxp://www.google.cn/search?hl=zh-CN&q={searchTerms} SearchScopes: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001 -> {C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=28026190_dg&ie=utf-8 BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-13] (Internet Download Manager, Tonec Inc.) 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation) BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-08-31] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) 
Toolbar: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\sonny\AppData\Roaming\Mozilla\Firefox\Profiles\rn7e45hk.default FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.) 
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-25] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-07] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03] FF HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\sonny\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\sonny\AppData\Roaming\IDM\idmmzcc5 [2016-09-11] [not signed] Chrome: ======= CHR Profile: C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-07] CHR Extension: (Google Docs) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-07] CHR Extension: (Google Drive) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-07] CHR Extension: (YouTube) - C:\Users\sonny\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-07] CHR Extension: (Google Sheets) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-07] CHR Extension: (Google Docs Offline) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07] CHR Extension: (IDM Integration Module) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-07] CHR Extension: (Chrome Web Store Payments) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-07] CHR Extension: (Gmail) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-07] CHR Extension: (Chrome Media Router) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-07] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
S3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NIWinCDEmu; C:\Windows\System32\drivers\NIWinCDEmu.sys [111696 2016-02-25] ()
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 13:04 - 2016-09-11 13:05 - 00000000 ____D C:\FRST
2016-09-11 12:58 - 2016-09-11 12:58 - 00002474 _____ C:\Malware.txt
2016-09-10 21:34 - 2016-09-11 12:53 - 00002058 _____ C:\Users\sonny\Desktop\Rkill.txt
2016-09-09 17:41 - 2016-09-09 17:41 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2016-09-09 17:41 - 2016-09-09 17:41 - 00000000 ____D C:\ProgramData\Arturia
2016-09-09 16:20 - 2016-09-09 17:41 - 00000000 ____D C:\ProgramData\Syncrosoft
2016-09-09 16:19 - 2016-09-09 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
2016-09-09 16:16 - 2016-09-09 20:50 - 00000000 ____D C:\ProgramData\eLicenser
2016-09-09 16:16 - 2016-09-09 17:41 - 00000051 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2016-09-09 16:16 - 2009-09-17 17:20 - 01695232 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\synsoacc.dll
2016-09-09 16:16 - 2009-09-17 17:20 - 01261568 ____N (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2016-09-09 16:16 - 2009-05-19 16:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2016-09-09 16:16 - 2006-01-29 11:48 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00147425 _____ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00120468 _____ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00114279 _____ C:\WINDOWS\system32\SYNSOACC-Help.chm
2016-09-09 14:27 - 2016-09-09 14:36 - 00000000 ____D C:\Users\sonny\Downloads\Arturia.V.Collection.2010.v2.0+Presets.Incl.Keygen-AiR
2016-09-09 12:39 - 2016-09-11 12:32 - 00000000 ____D C:\Users\sonny\AppData\LocalLow\BitTorrent
2016-09-09 12:39 - 2016-09-09 12:39 - 00047890 _____ C:\Users\sonny\Downloads\[kickass.unblocked.live].torrent
2016-09-09 10:47 - 2016-09-09 10:47 - 00000000 ____D C:\Users\sonny\AppData\Roaming\PE Explorer
2016-09-08 12:55 - 2016-09-08 12:55 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sugar Bytes
2016-09-08 12:54 - 2016-09-08 12:54 - 00000000 ____D C:\Users\sonny\Documents\Sugar Bytes
2016-09-08 12:54 - 2016-09-08 12:54 - 00000000 ____D C:\Program Files\Sugar Bytes
2016-09-07 09:23 - 2016-09-07 09:23 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-07 09:23 - 2016-09-07 09:23 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-07 09:06 - 2016-09-11 12:31 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 09:06 - 2016-09-11 11:11 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 09:06 - 2016-09-07 09:06 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-07 09:06 - 2016-09-07 09:06 - 00003734 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-06 00:38 - 2016-09-10 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-09-06 00:38 - 2016-09-06 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-09-05 23:57 - 2016-09-11 09:23 - 00000000 ____D C:\Users\sonny\AppData\Roaming\vlc
2016-09-05 23:56 - 2016-09-05 23:56 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-05 23:56 - 2016-09-05 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-05 23:35 - 2016-09-05 23:35 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-05 23:35 - 2016-09-05 23:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-05 23:35 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-05 23:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-05 23:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-05 23:06 - 2016-09-09 11:01 - 00000000 ____D C:\Users\sonny\AppData\Roaming\IDM
2016-09-05 23:06 - 2016-09-05 23:08 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-09-05 23:06 - 2016-09-05 23:06 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-09-05 23:06 - 2016-09-05 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-09-05 22:19 - 2016-09-05 22:19 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-09-05 22:03 - 2016-09-05 22:23 - 00000000 ____D C:\Program Files\CCleaner
2016-09-05 22:03 - 2016-09-05 22:03 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-09-05 22:03 - 2016-09-05 22:03 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-05 22:03 - 2016-09-05 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-05 21:52 - 2016-09-05 21:52 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-31 17:09 - 2016-08-31 17:09 - 00000000 ___SD C:\Users\sonny\Documents\My Data Sources
2016-08-31 14:22 - 2016-08-31 14:23 - 00047430 _____ C:\Users\sonny\Downloads\Register DO'2016.xlsx
2016-08-28 18:56 - 2016-08-28 18:56 - 00000761 _____ C:\Users\sonny\Downloads\Music - Shortcut.lnk
2016-08-27 08:57 - 2016-08-27 08:57 - 00003322 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-27 08:55 - 2016-08-27 08:55 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Skype
2016-08-22 15:58 - 2016-09-08 12:41 - 00000000 ____D C:\Users\sonny\Documents\u-he
2016-08-22 15:58 - 2016-09-08 12:41 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
2016-08-20 23:39 - 2016-08-20 23:39 - 00000045 _____ C:\WINDOWS\SysWOW64\_WKERNEL.FRE
2016-08-20 23:38 - 2016-08-21 00:42 - 00000000 ____D C:\Program Files (x86)\WinUtilities Undelete
2016-08-20 23:38 - 2016-08-20 23:38 - 00001101 _____ C:\Users\Public\Desktop\WinUtilities Undelete.lnk
2016-08-20 23:38 - 2016-08-20 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities Undelete
2016-08-20 23:38 - 2007-09-10 13:24 - 00544768 _____ (Stardock Corporation) C:\WINDOWS\SysWOW64\wbocx.ocx
2016-08-20 23:38 - 2007-08-31 12:52 - 00056496 _____ (Stardock.Net, Inc) C:\WINDOWS\SysWOW64\wbhelp2.dll
2016-08-20 23:38 - 2007-08-31 12:52 - 00033968 _____ (Neil Banfield) C:\WINDOWS\SysWOW64\anim.dll
2016-08-20 23:38 - 2004-12-07 10:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2016-08-20 23:38 - 1999-11-22 15:50 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF32.DLL
2016-08-20 23:38 - 1999-11-22 15:50 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF16.DLL
2016-08-20 22:51 - 2016-08-20 22:51 - 00003322 _____ C:\WINDOWS\System32\Tasks\{AF6A27EB-295F-4B7C-92FA-77EC0D3A2E53}
2016-08-20 13:13 - 2016-08-20 13:13 - 00045979 _____ C:\Users\sonny\Downloads\Laporan Produksi per tanggal 20 Agustus 2016.xlsx
2016-08-13 19:06 - 2016-08-13 19:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-13 19:05 - 2016-09-05 23:06 - 00001082 _____ C:\Users\sonny\Desktop\Internet Download Manager.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 13:02 - 2015-11-30 11:24 - 00000000 ____D C:\Users\sonny\AppData\Roaming\BitTorrent
2016-09-11 12:51 - 2015-12-29 13:49 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-11 12:47 - 2015-11-07 21:24 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A46B3307-19F6-44FF-9A71-EB874F9CD2CE}
2016-09-11 12:31 - 2016-04-11 16:31 - 00000931 _____ C:\WINDOWS\Tasks\EPSON L220 Series Update {A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9}.job
2016-09-11 12:31 - 2016-03-12 21:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-11 12:30 - 2015-12-18 07:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-11 12:29 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\security
2016-09-11 12:29 - 2015-10-30 13:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-11 12:28 - 2015-10-25 22:10 - 00000000 ____D C:\Users\sonny\AppData\Roaming\DMCache
2016-09-11 06:42 - 2015-10-25 21:26 - 00000000 ____D C:\Users\sonny\AppData\Local\Adobe
2016-09-10 12:40 - 2016-01-20 10:31 - 00000000 ____D C:\Betomix
2016-09-10 11:49 - 2015-11-12 21:47 - 00948486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-10 11:49 - 2015-10-30 14:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-10 11:02 - 2015-10-25 22:10 - 00000000 ____D C:\Users\sonny\Downloads\Video
2016-09-10 09:54 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\System
2016-09-10 09:10 - 2015-10-25 22:10 - 00000000 ____D C:\Users\sonny\Downloads\Compressed
2016-09-09 20:46 - 2016-01-19 20:43 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2016-09-09 09:16 - 2016-07-19 10:33 - 00003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForsonny
2016-09-09 09:16 - 2016-07-19 10:33 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForsonny.job
2016-09-07 09:23 - 2015-10-24 18:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-07 09:23 - 2015-10-24 18:58 - 00000000 ____D C:\Users\sonny\AppData\Local\Google
2016-09-06 00:10 - 2016-01-28 10:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-05 23:55 - 2015-10-25 06:06 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-09-05 21:52 - 2015-10-30 14:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-05 21:52 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-03 21:02 - 2015-10-24 18:39 - 00000000 ____D C:\Users\sonny\AppData\Local\Packages
2016-08-29 16:49 - 2015-12-18 07:18 - 00000000 ____D C:\Users\sonny
2016-08-27 08:57 - 2015-11-12 22:00 - 00002402 _____ C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-27 08:57 - 2015-11-05 17:20 - 00000000 ___RD C:\Users\sonny\OneDrive
2016-08-24 12:36 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 13:01 - 2016-02-27 22:06 - 00000000 ____D C:\Users\sonny\AppData\Roaming\ToguAudioLine
2016-08-22 20:00 - 2012-09-19 09:56 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-08-22 16:17 - 2016-01-05 15:29 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-08-21 02:11 - 2016-02-01 06:59 - 00014848 _____ C:\Users\sonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-15 12:32 - 2016-04-11 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-08-14 07:02 - 2015-10-26 06:33 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Media Player Classic

==================== Files in the root of some directories =======

2014-01-08 22:00 - 2014-01-08 22:00 - 2387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2016-06-16 14:52 - 2016-06-16 14:52 - 0000030 _____ () C:\Users\sonny\AppData\Roaming\.pgbiasfx
2015-12-29 12:54 - 2015-12-30 09:47 - 0000033 _____ () C:\Users\sonny\AppData\Roaming\AdobeWLCMCache.dat
2015-12-31 06:49 - 2015-12-31 06:52 - 229845735 _____ () C:\Users\sonny\AppData\Local\ACCCx3_4_3_189.zip.aamdownload
2015-12-31 06:49 - 2015-12-31 06:51 - 0002657 _____ () C:\Users\sonny\AppData\Local\ACCCx3_4_3_189.zip.aamdownload.aamd
2016-02-01 06:59 - 2016-08-21 02:11 - 0014848 _____ () C:\Users\sonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-06 23:18 - 2015-12-06 23:18 - 0977851 _____ () C:\Users\sonny\AppData\Local\ISO-Burner_661.rar
2015-11-17 06:21 - 2015-11-17 06:22 - 0007605 _____ () C:\Users\sonny\AppData\Local\resmon.resmoncfg
2015-10-24 18:41 - 2015-10-24 18:41 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-04-26 07:15 - 2016-04-26 07:16 - 0000177 _____ () C:\ProgramData\Temp.log

Files to move or delete:
====================
C:\Users\sonny\AppData\Local\Temp\mdi164.dll

Some files in TEMP:
====================
C:\Users\sonny\AppData\Local\Temp\mdi064.dll
C:\Users\sonny\AppData\Local\Temp\mdi164.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-06 08:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by sonny (11-09-2016 13:07:54)
Running from C:\Users\sonny\Downloads\Programs
Windows 10 Home Single Language Version 1511 (X64) (2015-12-18 00:48:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1350135555-1384265764-1047298360-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1350135555-1384265764-1047298360-503 - Limited - Disabled)
Guest (S-1-5-21-1350135555-1384265764-1047298360-501 - Limited - Disabled)
sonny (S-1-5-21-1350135555-1384265764-1047298360-1001 - Administrator - Enabled) => C:\Users\sonny

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM-x32\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CCleaner 5.21.5700 (HKLM-x32\...\CCleaner 5.21.5700) (Version: 5.21.5700 - SandySeedings Team)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{DD27F8B0-BFDE-4188-89A0-BBF389FC367E}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: build 25 - Crackingpatching.com Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 id) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 id)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.0.533 - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.0.0.1501 - Native Instruments)
Native Instruments Reaktor 6 Bundle (HKLM-x32\...\Native Instruments Reaktor 6 Bundle) (Version: 6.0.0.0 - Native Instruments)
Native Instruments Reaktor Blocks (HKLM-x32\...\Native Instruments Reaktor Blocks) (Version: 1.0.0.12 - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Penghapusan Instalan Printer EPSON L220 Series (HKLM\...\EPSON L220 Series) (Version: - SEIKO EPSON Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Sugar Bytes Guitarist 1.0.2 (HKLM\...\Guitarist_is1) (Version: 1.0.2 - Sugar Bytes)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TAL-U-NO-LX-V2 (64bit) (HKLM\...\{FC406C86-52D0-41DC-B5CE-0446BEFB0156}) (Version: 1.3.7 - TAL - Togu Audio Line)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinUtilities Undelete 3.1 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043A06}_is1) (Version: - YL Computing, Inc)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0DEEB980-FAB0-4FBA-8DBA-962337EAE5F7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0F721430-C4DB-4349-B5C9-7FB6DEA6518E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1791265D-960D-430A-B4F6-A288435DEDD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {1DE7688A-8733-4C4E-8742-F605FCB35B1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {1E3876DC-4349-43C7-AAEF-46DB203C6C0D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {231B4CFD-1BC7-4CEE-B8E7-DA6370EB25D6} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-27] (Microsoft Corporation)
Task: {2B58A96B-FA1B-4FBF-B928-BAA92BA1A70D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-07] (Google Inc.)
Task: {39BF4458-EF1F-424E-8EAE-F0F0F91F397E} - System32\Tasks\{DA4D9FBC-9315-4E43-B684-AFAEFA2D55E4} => pcalua.exe -a C:\ProgramData\DivX\Setup\DivXSetup.exe -c /uninstall
Task: {48D8114F-6D9B-49E9-A792-DAE90A047AA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {4B7701A3-1FAC-4E93-964B-89ECFEEA9967} - System32\Tasks\AdobeAAMUpdater-1.0-Enera-sonny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {4D598BF5-8E42-41C9-A6EE-362AD9E34575} - System32\Tasks\EPSON L220 Series Update {A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {4FB002D6-8EEE-4844-BCCB-DF0943E019D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-07] (Google Inc.)
Task: {6A59B156-AC8A-48BC-8410-0316C58DD4A2} - System32\Tasks\HPCeeScheduleForsonny => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6E8FF5D6-D60F-4F2A-AAF2-0C4DA65A104C} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {7134873E-BCFB-4FA6-924F-24FAC4801A43} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8997618E-A6CF-42A8-B306-8407BBBAAFC3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {977C89FC-2220-4E1E-99B8-36B9A0174F25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-09-05] (Microsoft Corporation)
Task: {9B4BDD1A-D5F9-4C3D-8D65-D020AA56AC7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9CC9C6E2-0B9C-4005-A52E-9A9075110897} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {A31A65B4-8613-46CA-8A54-B462F1869DF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {AD5407D5-D11F-46B2-9657-152E0452E472} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {BBCEBD0D-4952-4987-9D5A-AD17A4F2D16B} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {C9B7DE8E-A7AE-44D1-80F4-DFACAC2722ED} - System32\Tasks\{AA980117-D0A9-4F38-9210-D189F8BA707F} => pcalua.exe -a C:\Users\sonny\Downloads\Programs\L220_x86_222JAUsHomeExportAsiaML.exe -d C:\Users\sonny\AppData\Roaming\IDM Task: {D0390F62-5EA9-4A6E-B50E-150E5B498F8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {D84B0E46-D8D0-4499-9B0B-FE253CBC484D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation) Task: {DA1E9BEC-A37A-45A7-914B-D0983C781B83} - System32\Tasks\Gohfet => C:\PROGRA~1\SHOPPE~1\Acifa.bat <==== ATTENTION Task: {DB0DEB39-429E-4563-86DC-C9E538827E8E} - System32\Tasks\{F5158DDC-DA1A-4C5A-877A-8000C80DBC4B} => pcalua.exe -a "C:\Users\sonny\Downloads\Positive Grid BIAS FX v1.3.2.1190-R2R [oddsox]\Positive.Grid.BIAS.FX.v1.3.2.1190.Incl.Keygen-R2R\R2R\PositiveGrid_KeyGen.exe" -d "C:\Users\sonny\Downloads\Positive Grid BIAS FX v1.3.2.1190-R2R [oddsox]\Positive.Grid.BIAS.FX.v1.3.2.1190.Incl.Keygen-R2R\R2R" Task: {E597243D-BB53-4E96-BFED-9F39A873B483} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.) 
Task: {E9CDA39E-A692-4206-89BF-08C90C545BA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {EC81FE7C-1E59-493B-9023-864405E18631} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {F53E0B24-10D9-4664-AE5D-B44082FF4000} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {F5ADC92B-67A6-46A0-8321-AA5855563563} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {F6B43B30-E2EF-434A-B469-3C28A2EE2FED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-09-05] (Microsoft Corporation) Task: {F78FF3AE-3AF1-4F45-A82A-85B3F6923B05} - System32\Tasks\{AF6A27EB-295F-4B7C-92FA-77EC0D3A2E53} => pcalua.exe -a C:\Users\sonny\Downloads\Programs\pci_filerecovery.exe -d C:\Users\sonny\Downloads\Programs Task: {FBC0045D-C52C-4770-8597-33EFB1E41522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-06] (Piriform Ltd) Task: {FCC234D6-677D-4121-BFD7-A8BF59ECFEB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\EPSON L220 Series Update {A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE:/EXE:{A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9} /F:Update WORKGROUP\ENERA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForsonny.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\sonny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --disable-quic ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 14:18 - 2015-10-30 14:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-16 01:09 - 2016-07-01 11:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-16 01:09 - 2016-07-01 11:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-08-27 08:56 - 2016-08-27 08:56 - 01864384 _____ () C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-03-15 08:23 - 2016-08-31 14:02 - 08921800 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll 2016-04-19 06:21 - 2016-04-19 06:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-18 11:11 - 2015-12-07 11:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 01:10 - 2016-07-01 10:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-16 01:09 - 2016-07-01 10:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-16 01:09 - 2016-07-01 10:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 01:09 - 2016-07-01 10:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-16 01:09 - 2016-07-01 10:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-03-07 01:37 - 2012-03-07 01:37 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll 2016-09-07 09:23 - 2016-08-31 09:16 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libglesv2.dll 2016-09-07 09:23 - 2016-08-31 09:16 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libegl.dll 2016-03-15 08:24 - 
2016-08-31 14:13 - 08921800 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-04-19 06:21 - 2016-04-19 06:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 06:21 - 2016-04-19 06:25 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-08-27 08:55 - 2016-08-27 08:55 - 01383616 _____ () C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-27 08:56 - 2016-08-27 08:56 - 00118976 _____ () C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2016-09-10 09:06 - 2016-09-10 09:06 - 01495040 _____ () C:\Users\sonny\AppData\Local\Temp\mdi164.dll 2013-05-21 14:19 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 20:25 - 2016-02-26 14:25 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.43.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "EEventManager" HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{05A730FD-03DE-4015-87A8-9AB8482CA559}] => (Allow) LPort=1900 FirewallRules: [{FE17A440-6144-4ABF-9D72-A7FB05D17301}] => (Allow) LPort=2869 FirewallRules: [{24A551A7-8411-4795-AB0C-7F96780E010D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{55966ACB-F293-456E-A80B-28BF417007F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5526B4A0-55AB-4466-BD7D-AF8BBF7E81B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C4EEB723-8123-45EC-B8E3-74536B7599EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{5E66C6FF-18A9-415A-85FE-9193A4A30B3B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{A7FBB38A-E2E3-492B-A247-AE813B28503E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{BB9BB840-43A3-45C4-B401-425E1ADF4B73}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{ACF03570-AE1A-41A6-BC8C-B5CA533855E5}] => (Block) 127.0.0.1 lmlicenses.wip4.adobe.com FirewallRules: [{4C2EBF76-A0A6-4C9A-9CD0-5E9EDC0FB1E9}] => (Block) 127.0.0.1 lm.licenses.adobe.com FirewallRules: [{B3A7D8D1-4621-4A9B-AA98-BFBCC2FBA388}] => (Block) 127.0.0.1 na1r.services.adobe.com FirewallRules: [{A5C5CC76-F444-41C2-A9CB-2199998A6BD0}] => (Block) 127.0.0.1 hlrcv.stage.adobe.com FirewallRules: [{AEE09D33-A58E-4702-BAC0-7316459BF0E6}] => (Block) 127.0.0.1 practivate.adobe.com FirewallRules: [{579FC2A1-66C2-4A73-94BC-7870C91FB5E5}] => (Block) 127.0.0.1 activate.adobe.com FirewallRules: [{D0A46387-6767-4693-9B36-A399D5E67EFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{E487AD9D-B107-45B4-9A99-89BB04C2366B}C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe 
FirewallRules: [UDP Query User{2D8631B1-84A3-44AC-ADE8-93241E49EB98}C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [{A901CC3B-B920-423F-88F6-A2EA08EF1AB4}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{C7033B27-B0EE-436B-BFB9-F2CAD1179C11}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{C7124957-E97D-4DE8-BD98-F075FF3DE4FC}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{5E85B88E-B2C0-471F-8234-319F293C9642}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{8C1E0AFF-0947-408D-9CA0-B34DB88CCD54}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{BB227A22-F326-48EE-95B5-E4B4562BDD31}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{602566B3-53FE-46CC-882A-E7AA074D88BD}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{3D331ABD-753B-442E-911F-BAD624D19D16}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{40BB7199-C73E-4779-B4DA-6B0441142C60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{B971440C-F2B7-44C7-9938-A152205E5F57}C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Block) C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe FirewallRules: [UDP Query User{F43DA22C-1411-4D5B-B902-950CD5D5A1B0}C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Block) C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe FirewallRules: [{1D9DBEAC-64E3-476F-BCBE-0C609CACAD3F}] => (Allow) LPort=53000 FirewallRules: [{D2FE3095-A1D4-4414-A06C-ED6A22859044}] => (Allow) LPort=52000 ==================== Restore Points ========================= 23-08-2016 
12:55:32 Installed TAL-U-NO-LX-V2 (64bit) 31-08-2016 12:54:23 Scheduled Checkpoint 09-09-2016 11:13:57 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/11/2016 12:52:24 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (09/11/2016 12:52:24 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. 
Error: (09/11/2016 12:52:22 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Element App.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (09/11/2016 12:38:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/11/2016 12:31:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007267C Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (09/11/2016 10:51:06 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program dwm.exe because of this error. 
Program: dwm.exe File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 Error: (09/11/2016 10:51:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc Exception code: 0xc000001d Fault offset: 0x000000000005c0a8 Faulting process id: 0x1fb4 Faulting application start time: 0x01d20bdfb7d491fc Faulting application path: C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe Faulting module path: C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe Report Id: ec4fd240-48fa-42d1-b3d4-182422dc04c7 Faulting package full name: Faulting package-relative application ID: Error: (09/11/2016 10:47:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: 
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/11/2016 08:55:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/11/2016 07:46:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (09/11/2016 12:28:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Sync Host_7b6ce0c service terminated with the following error: Access is denied. Error: (09/11/2016 12:28:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_7b6ce0c service to connect. Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_7b6ce0c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_7b6ce0c service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_7b6ce0c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_7b6ce0c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/11/2016 12:28:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/11/2016 11:34:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (09/11/2016 09:43:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/11/2016 09:15:31 AM) (Source: DCOM) (EventID: 10016) (User: Enera) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user Enera\sonny SID (S-1-5-21-1350135555-1384265764-1047298360-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2016-09-11 12:53:51.826 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-11 06:59:38.953 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-09-10 21:40:56.080 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-10 15:03:31.369 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-10 10:49:48.410 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-10 09:24:35.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-09 09:37:01.167 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-09 06:23:39.061 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-08 22:25:13.412 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-08 09:17:56.713 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz Percentage of memory in use: 83% Total physical RAM: 1938.28 MB Available physical RAM: 318.06 MB Total Virtual: 3410.28 MB Available Virtual: 1062.17 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:437.15 GB) (Free:378.13 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Fixed) (Total:26.58 GB) (Free:3.13 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 64170E3A) Partition: GPT. ==================== End of Addition.txt ============================
  3. Hi there. Please help me, I can't remove the pop-up (number 2 on the sample picture). Thanks