
Pop Up Always Appear



Hello olbo_stuff and welcome to Malwarebytes,

Hello and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
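The FRST.txt log requested above is plain text, so its autostart entries can be triaged with a short script. The following is an added example, not part of the original post and not Farbar's code: the `Run:` line layout is assumed from the FRST log posted in this thread, the sample lines are constructed, and the three heuristics are illustrative rather than FRST's own logic.

```python
import re

# Constructed sample lines in the layout of FRST.txt "Registry" entries
# (names, paths and SIDs are made up for this example).
SAMPLE = r"""
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1664000 2012-08-20] (Example, Inc.)
HKU\S-1-5-21-0-0-0-1001\...\Run: [ExampleSync] => C:\Users\user\AppData\Roaming\Example\sync.exe [1930760 2016-03-05] (Example Inc.)
HKU\S-1-5-21-0-0-0-1001\...\Run: [exVideo] => C:\Users\user\AppData\Local\Temp\example1.dll [1495040 2016-09-10] () <===== ATTENTION
HKLM-x32\...\Run: [ExampleUpdate] => C:\Program Files (x86)\Example\update.exe [1263952 2013-02-13] ()
ShellIconOverlayIdentifiers: [00example] -> {00000000-0000-0000-0000-000000000000} =>  No File
"""

# Assumed layout:  <hive>\...\Run: [<name>] => <path> [<size> <date>] (<company>) [<== ATTENTION]
# The company group is greedy so names such as "Intel(R) Corporation" survive.
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>.*?)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*)\)(?P<flag>\s*<=+ ATTENTION)?\s*$"
)

# User-writable temp locations; an autostart target here deserves a second look.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_run_entries(text):
    """Return one dict per Run/RunOnce line; other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(text):
    """Return (name, path, reasons) for every Run entry with at least one reason."""
    findings = []
    for e in parse_run_entries(text):
        reasons = []
        if e["flag"]:
            reasons.append("marked ATTENTION by FRST")
        if any(t in e["path"].lower() for t in TEMP_MARKERS):
            reasons.append("target is in a Temp directory")
        # Weak signal on its own: legitimate files can also lack a company name.
        if not e["company"].strip():
            reasons.append("no company name in file metadata")
        if reasons:
            findings.append((e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"  - {r}")
```

Entries with several reasons at once are the ones to review first; a single weak reason such as a missing company name is common for legitimate software.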

Thanks for your reply ..

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/09/2016
Scan Time: 10.51
Logfile: Malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.11.02
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: sonny

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341610
Time Elapsed: 40 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe, 8116, Delete-on-Reboot, [cf0fdb958c0e023432adfec47f84d729]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 

Files: 10
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libcurl-4.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libiconv-2.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libidn-11.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libintl-8.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\msupdate.7z, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\msvcrt.dll, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\proxy.conf, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 
Trojan.FakeAlert, C:\Users\sonny\AppData\Local\Temp\msupdate71\zlib1.dl1, Quarantined, [cf0fdb958c0e023432adfec47f84d729], 

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by sonny (administrator) on ENERA (11-09-2016 13:05:39)
Running from C:\Users\sonny\Downloads\Programs
Loaded Profiles: sonny (Available Profiles: sonny)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BitTorrent Inc.) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [BitTorrent] => C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe [1930760 2016-03-05] (BitTorrent Inc.)
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIN2E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-06] (Piriform Ltd)
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3952696 2016-08-06] (Tonec Inc.)
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Run: [tsiVideo] => C:\Users\sonny\AppData\Local\Temp\mdi164.dll [1495040 2016-09-10] () <===== ATTENTION
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-27] (Microsoft Corporation)
Startup: C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kirim ke OneNote.lnk [2016-02-28]
ShortcutTarget: Kirim ke OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{9212291d-ca2e-4c08-8a9c-c722de3589c5}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/28
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/28
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001 -> {4AD43A14-AA87-4d4b-A345-B0BC1C61BC76} URL = hxxp://www.google.cn/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001 -> {C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=28026190_dg&ie=utf-8
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-08-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\sonny\AppData\Roaming\Mozilla\Firefox\Profiles\rn7e45hk.default
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-25] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\sonny\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\sonny\AppData\Roaming\IDM\idmmzcc5 [2016-09-11] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-07]
CHR Extension: (Google Docs) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-07]
CHR Extension: (Google Drive) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-07]
CHR Extension: (YouTube) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-07]
CHR Extension: (Google Sheets) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07]
CHR Extension: (IDM Integration Module) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-07]
CHR Extension: (Gmail) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-07]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
S3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NIWinCDEmu; C:\Windows\System32\drivers\NIWinCDEmu.sys [111696 2016-02-25] ()
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 13:04 - 2016-09-11 13:05 - 00000000 ____D C:\FRST
2016-09-11 12:58 - 2016-09-11 12:58 - 00002474 _____ C:\Malware.txt
2016-09-10 21:34 - 2016-09-11 12:53 - 00002058 _____ C:\Users\sonny\Desktop\Rkill.txt
2016-09-09 17:41 - 2016-09-09 17:41 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2016-09-09 17:41 - 2016-09-09 17:41 - 00000000 ____D C:\ProgramData\Arturia
2016-09-09 16:20 - 2016-09-09 17:41 - 00000000 ____D C:\ProgramData\Syncrosoft
2016-09-09 16:19 - 2016-09-09 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
2016-09-09 16:16 - 2016-09-09 20:50 - 00000000 ____D C:\ProgramData\eLicenser
2016-09-09 16:16 - 2016-09-09 17:41 - 00000051 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2016-09-09 16:16 - 2009-09-17 17:20 - 01695232 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\synsoacc.dll
2016-09-09 16:16 - 2009-09-17 17:20 - 01261568 ____N (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2016-09-09 16:16 - 2009-05-19 16:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2016-09-09 16:16 - 2006-01-29 11:48 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00147425 _____ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00120468 _____ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2016-09-09 16:16 - 2006-01-29 11:48 - 00114279 _____ C:\WINDOWS\system32\SYNSOACC-Help.chm
2016-09-09 14:27 - 2016-09-09 14:36 - 00000000 ____D C:\Users\sonny\Downloads\Arturia.V.Collection.2010.v2.0+Presets.Incl.Keygen-AiR
2016-09-09 12:39 - 2016-09-11 12:32 - 00000000 ____D C:\Users\sonny\AppData\LocalLow\BitTorrent
2016-09-09 12:39 - 2016-09-09 12:39 - 00047890 _____ C:\Users\sonny\Downloads\[kickass.unblocked.live].torrent
2016-09-09 10:47 - 2016-09-09 10:47 - 00000000 ____D C:\Users\sonny\AppData\Roaming\PE Explorer
2016-09-08 12:55 - 2016-09-08 12:55 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sugar Bytes
2016-09-08 12:54 - 2016-09-08 12:54 - 00000000 ____D C:\Users\sonny\Documents\Sugar Bytes
2016-09-08 12:54 - 2016-09-08 12:54 - 00000000 ____D C:\Program Files\Sugar Bytes
2016-09-07 09:23 - 2016-09-07 09:23 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-07 09:23 - 2016-09-07 09:23 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-07 09:06 - 2016-09-11 12:31 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 09:06 - 2016-09-11 11:11 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 09:06 - 2016-09-07 09:06 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-07 09:06 - 2016-09-07 09:06 - 00003734 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-06 00:38 - 2016-09-10 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-09-06 00:38 - 2016-09-06 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-09-05 23:57 - 2016-09-11 09:23 - 00000000 ____D C:\Users\sonny\AppData\Roaming\vlc
2016-09-05 23:56 - 2016-09-05 23:56 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-05 23:56 - 2016-09-05 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-05 23:35 - 2016-09-05 23:35 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-05 23:35 - 2016-09-05 23:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-05 23:35 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-05 23:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-05 23:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-05 23:06 - 2016-09-09 11:01 - 00000000 ____D C:\Users\sonny\AppData\Roaming\IDM
2016-09-05 23:06 - 2016-09-05 23:08 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-09-05 23:06 - 2016-09-05 23:06 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-09-05 23:06 - 2016-09-05 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-09-05 22:19 - 2016-09-05 22:19 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-09-05 22:03 - 2016-09-05 22:23 - 00000000 ____D C:\Program Files\CCleaner
2016-09-05 22:03 - 2016-09-05 22:03 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-09-05 22:03 - 2016-09-05 22:03 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-05 22:03 - 2016-09-05 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-05 21:52 - 2016-09-05 21:52 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-31 17:09 - 2016-08-31 17:09 - 00000000 ___SD C:\Users\sonny\Documents\My Data Sources
2016-08-31 14:22 - 2016-08-31 14:23 - 00047430 _____ C:\Users\sonny\Downloads\Register DO'2016.xlsx
2016-08-28 18:56 - 2016-08-28 18:56 - 00000761 _____ C:\Users\sonny\Downloads\Music - Shortcut.lnk
2016-08-27 08:57 - 2016-08-27 08:57 - 00003322 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-27 08:55 - 2016-08-27 08:55 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Skype
2016-08-22 15:58 - 2016-09-08 12:41 - 00000000 ____D C:\Users\sonny\Documents\u-he
2016-08-22 15:58 - 2016-09-08 12:41 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
2016-08-20 23:39 - 2016-08-20 23:39 - 00000045 _____ C:\WINDOWS\SysWOW64\_WKERNEL.FRE
2016-08-20 23:38 - 2016-08-21 00:42 - 00000000 ____D C:\Program Files (x86)\WinUtilities Undelete
2016-08-20 23:38 - 2016-08-20 23:38 - 00001101 _____ C:\Users\Public\Desktop\WinUtilities Undelete.lnk
2016-08-20 23:38 - 2016-08-20 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities Undelete
2016-08-20 23:38 - 2007-09-10 13:24 - 00544768 _____ (Stardock Corporation) C:\WINDOWS\SysWOW64\wbocx.ocx
2016-08-20 23:38 - 2007-08-31 12:52 - 00056496 _____ (Stardock.Net, Inc) C:\WINDOWS\SysWOW64\wbhelp2.dll
2016-08-20 23:38 - 2007-08-31 12:52 - 00033968 _____ (Neil Banfield) C:\WINDOWS\SysWOW64\anim.dll
2016-08-20 23:38 - 2004-12-07 10:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2016-08-20 23:38 - 1999-11-22 15:50 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF32.DLL
2016-08-20 23:38 - 1999-11-22 15:50 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF16.DLL
2016-08-20 22:51 - 2016-08-20 22:51 - 00003322 _____ C:\WINDOWS\System32\Tasks\{AF6A27EB-295F-4B7C-92FA-77EC0D3A2E53}
2016-08-20 13:13 - 2016-08-20 13:13 - 00045979 _____ C:\Users\sonny\Downloads\Laporan Produksi per tanggal 20 Agustus 2016.xlsx
2016-08-13 19:06 - 2016-08-13 19:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-13 19:05 - 2016-09-05 23:06 - 00001082 _____ C:\Users\sonny\Desktop\Internet Download Manager.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 13:02 - 2015-11-30 11:24 - 00000000 ____D C:\Users\sonny\AppData\Roaming\BitTorrent
2016-09-11 12:51 - 2015-12-29 13:49 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-11 12:47 - 2015-11-07 21:24 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A46B3307-19F6-44FF-9A71-EB874F9CD2CE}
2016-09-11 12:31 - 2016-04-11 16:31 - 00000931 _____ C:\WINDOWS\Tasks\EPSON L220 Series Update {A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9}.job
2016-09-11 12:31 - 2016-03-12 21:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-11 12:30 - 2015-12-18 07:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-11 12:29 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\security
2016-09-11 12:29 - 2015-10-30 13:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-11 12:28 - 2015-10-25 22:10 - 00000000 ____D C:\Users\sonny\AppData\Roaming\DMCache
2016-09-11 06:42 - 2015-10-25 21:26 - 00000000 ____D C:\Users\sonny\AppData\Local\Adobe
2016-09-10 12:40 - 2016-01-20 10:31 - 00000000 ____D C:\Betomix
2016-09-10 11:49 - 2015-11-12 21:47 - 00948486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-10 11:49 - 2015-10-30 14:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-10 11:02 - 2015-10-25 22:10 - 00000000 ____D C:\Users\sonny\Downloads\Video
2016-09-10 09:54 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\System
2016-09-10 09:10 - 2015-10-25 22:10 - 00000000 ____D C:\Users\sonny\Downloads\Compressed
2016-09-09 20:46 - 2016-01-19 20:43 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2016-09-09 09:16 - 2016-07-19 10:33 - 00003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForsonny
2016-09-09 09:16 - 2016-07-19 10:33 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForsonny.job
2016-09-07 09:23 - 2015-10-24 18:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-07 09:23 - 2015-10-24 18:58 - 00000000 ____D C:\Users\sonny\AppData\Local\Google
2016-09-06 00:10 - 2016-01-28 10:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-05 23:55 - 2015-10-25 06:06 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-09-05 21:52 - 2015-10-30 14:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-05 21:52 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-03 21:02 - 2015-10-24 18:39 - 00000000 ____D C:\Users\sonny\AppData\Local\Packages
2016-08-29 16:49 - 2015-12-18 07:18 - 00000000 ____D C:\Users\sonny
2016-08-27 08:57 - 2015-11-12 22:00 - 00002402 _____ C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-27 08:57 - 2015-11-05 17:20 - 00000000 ___RD C:\Users\sonny\OneDrive
2016-08-24 12:36 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 13:01 - 2016-02-27 22:06 - 00000000 ____D C:\Users\sonny\AppData\Roaming\ToguAudioLine
2016-08-22 20:00 - 2012-09-19 09:56 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-08-22 16:17 - 2016-01-05 15:29 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-08-21 02:11 - 2016-02-01 06:59 - 00014848 _____ C:\Users\sonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-15 12:32 - 2016-04-11 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-08-14 07:02 - 2015-10-26 06:33 - 00000000 ____D C:\Users\sonny\AppData\Roaming\Media Player Classic

==================== Files in the root of some directories =======

2014-01-08 22:00 - 2014-01-08 22:00 - 2387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2016-06-16 14:52 - 2016-06-16 14:52 - 0000030 _____ () C:\Users\sonny\AppData\Roaming\.pgbiasfx
2015-12-29 12:54 - 2015-12-30 09:47 - 0000033 _____ () C:\Users\sonny\AppData\Roaming\AdobeWLCMCache.dat
2015-12-31 06:49 - 2015-12-31 06:52 - 229845735 _____ () C:\Users\sonny\AppData\Local\ACCCx3_4_3_189.zip.aamdownload
2015-12-31 06:49 - 2015-12-31 06:51 - 0002657 _____ () C:\Users\sonny\AppData\Local\ACCCx3_4_3_189.zip.aamdownload.aamd
2016-02-01 06:59 - 2016-08-21 02:11 - 0014848 _____ () C:\Users\sonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-06 23:18 - 2015-12-06 23:18 - 0977851 _____ () C:\Users\sonny\AppData\Local\ISO-Burner_661.rar
2015-11-17 06:21 - 2015-11-17 06:22 - 0007605 _____ () C:\Users\sonny\AppData\Local\resmon.resmoncfg
2015-10-24 18:41 - 2015-10-24 18:41 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-04-26 07:15 - 2016-04-26 07:16 - 0000177 _____ () C:\ProgramData\Temp.log

Files to move or delete:
====================
C:\Users\sonny\AppData\Local\Temp\mdi164.dll


Some files in TEMP:
====================
C:\Users\sonny\AppData\Local\Temp\mdi064.dll
C:\Users\sonny\AppData\Local\Temp\mdi164.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 08:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by sonny (11-09-2016 13:07:54)
Running from C:\Users\sonny\Downloads\Programs
Windows 10 Home Single Language Version 1511 (X64) (2015-12-18 00:48:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1350135555-1384265764-1047298360-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1350135555-1384265764-1047298360-503 - Limited - Disabled)
Guest (S-1-5-21-1350135555-1384265764-1047298360-501 - Limited - Disabled)
sonny (S-1-5-21-1350135555-1384265764-1047298360-1001 - Administrator - Enabled) => C:\Users\sonny

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM-x32\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CCleaner 5.21.5700 (HKLM-x32\...\CCleaner 5.21.5700) (Version: 5.21.5700 - SandySeedings Team)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{DD27F8B0-BFDE-4188-89A0-BBF389FC367E}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: build 25 - Crackingpatching.com Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 id) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 id)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.0.533 - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version:  - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.0.0.1501 - Native Instruments)
Native Instruments Reaktor 6 Bundle (HKLM-x32\...\Native Instruments Reaktor 6 Bundle) (Version: 6.0.0.0 - Native Instruments)
Native Instruments Reaktor Blocks (HKLM-x32\...\Native Instruments Reaktor Blocks) (Version: 1.0.0.12 - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Penghapusan Instalan Printer EPSON L220 Series (HKLM\...\EPSON L220 Series) (Version:  - SEIKO EPSON Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Sugar Bytes Guitarist 1.0.2 (HKLM\...\Guitarist_is1) (Version: 1.0.2 - Sugar Bytes)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TAL-U-NO-LX-V2 (64bit) (HKLM\...\{FC406C86-52D0-41DC-B5CE-0446BEFB0156}) (Version: 1.3.7 - TAL - Togu Audio Line)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinUtilities Undelete 3.1 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043A06}_is1) (Version:  - YL Computing, Inc)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0DEEB980-FAB0-4FBA-8DBA-962337EAE5F7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0F721430-C4DB-4349-B5C9-7FB6DEA6518E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1791265D-960D-430A-B4F6-A288435DEDD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {1DE7688A-8733-4C4E-8742-F605FCB35B1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {1E3876DC-4349-43C7-AAEF-46DB203C6C0D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {231B4CFD-1BC7-4CEE-B8E7-DA6370EB25D6} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-27] (Microsoft Corporation)
Task: {2B58A96B-FA1B-4FBF-B928-BAA92BA1A70D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-07] (Google Inc.)
Task: {39BF4458-EF1F-424E-8EAE-F0F0F91F397E} - System32\Tasks\{DA4D9FBC-9315-4E43-B684-AFAEFA2D55E4} => pcalua.exe -a C:\ProgramData\DivX\Setup\DivXSetup.exe -c /uninstall
Task: {48D8114F-6D9B-49E9-A792-DAE90A047AA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {4B7701A3-1FAC-4E93-964B-89ECFEEA9967} - System32\Tasks\AdobeAAMUpdater-1.0-Enera-sonny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {4D598BF5-8E42-41C9-A6EE-362AD9E34575} - System32\Tasks\EPSON L220 Series Update {A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {4FB002D6-8EEE-4844-BCCB-DF0943E019D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-07] (Google Inc.)
Task: {6A59B156-AC8A-48BC-8410-0316C58DD4A2} - System32\Tasks\HPCeeScheduleForsonny => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6E8FF5D6-D60F-4F2A-AAF2-0C4DA65A104C} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {7134873E-BCFB-4FA6-924F-24FAC4801A43} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8997618E-A6CF-42A8-B306-8407BBBAAFC3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {977C89FC-2220-4E1E-99B8-36B9A0174F25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-09-05] (Microsoft Corporation)
Task: {9B4BDD1A-D5F9-4C3D-8D65-D020AA56AC7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9CC9C6E2-0B9C-4005-A52E-9A9075110897} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A31A65B4-8613-46CA-8A54-B462F1869DF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AD5407D5-D11F-46B2-9657-152E0452E472} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BBCEBD0D-4952-4987-9D5A-AD17A4F2D16B} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {C9B7DE8E-A7AE-44D1-80F4-DFACAC2722ED} - System32\Tasks\{AA980117-D0A9-4F38-9210-D189F8BA707F} => pcalua.exe -a C:\Users\sonny\Downloads\Programs\L220_x86_222JAUsHomeExportAsiaML.exe -d C:\Users\sonny\AppData\Roaming\IDM
Task: {D0390F62-5EA9-4A6E-B50E-150E5B498F8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {D84B0E46-D8D0-4499-9B0B-FE253CBC484D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {DA1E9BEC-A37A-45A7-914B-D0983C781B83} - System32\Tasks\Gohfet => C:\PROGRA~1\SHOPPE~1\Acifa.bat <==== ATTENTION
Task: {DB0DEB39-429E-4563-86DC-C9E538827E8E} - System32\Tasks\{F5158DDC-DA1A-4C5A-877A-8000C80DBC4B} => pcalua.exe -a "C:\Users\sonny\Downloads\Positive Grid BIAS FX v1.3.2.1190-R2R [oddsox]\Positive.Grid.BIAS.FX.v1.3.2.1190.Incl.Keygen-R2R\R2R\PositiveGrid_KeyGen.exe" -d "C:\Users\sonny\Downloads\Positive Grid BIAS FX v1.3.2.1190-R2R [oddsox]\Positive.Grid.BIAS.FX.v1.3.2.1190.Incl.Keygen-R2R\R2R"
Task: {E597243D-BB53-4E96-BFED-9F39A873B483} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {E9CDA39E-A692-4206-89BF-08C90C545BA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {EC81FE7C-1E59-493B-9023-864405E18631} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F53E0B24-10D9-4664-AE5D-B44082FF4000} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F5ADC92B-67A6-46A0-8321-AA5855563563} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {F6B43B30-E2EF-434A-B469-3C28A2EE2FED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-09-05] (Microsoft Corporation)
Task: {F78FF3AE-3AF1-4F45-A82A-85B3F6923B05} - System32\Tasks\{AF6A27EB-295F-4B7C-92FA-77EC0D3A2E53} => pcalua.exe -a C:\Users\sonny\Downloads\Programs\pci_filerecovery.exe -d C:\Users\sonny\Downloads\Programs
Task: {FBC0045D-C52C-4770-8597-33EFB1E41522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-06] (Piriform Ltd)
Task: {FCC234D6-677D-4121-BFD7-A8BF59ECFEB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L220 Series Update {A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE:/EXE:{A366A30F-FCD5-44E1-88BD-DDD94CF7EDF9} /F:Update WORKGROUP\ENERA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForsonny.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\sonny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 14:18 - 2015-10-30 14:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 01:09 - 2016-07-01 11:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-16 01:09 - 2016-07-01 11:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-27 08:56 - 2016-08-27 08:56 - 01864384 _____ () C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-03-15 08:23 - 2016-08-31 14:02 - 08921800 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-04-19 06:21 - 2016-04-19 06:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 11:11 - 2015-12-07 11:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 01:10 - 2016-07-01 10:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-16 01:09 - 2016-07-01 10:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 01:09 - 2016-07-01 10:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 01:09 - 2016-07-01 10:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 01:09 - 2016-07-01 10:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-03-07 01:37 - 2012-03-07 01:37 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2016-09-07 09:23 - 2016-08-31 09:16 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libglesv2.dll
2016-09-07 09:23 - 2016-08-31 09:16 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libegl.dll
2016-03-15 08:24 - 2016-08-31 14:13 - 08921800 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 06:21 - 2016-04-19 06:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 06:21 - 2016-04-19 06:25 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-27 08:55 - 2016-08-27 08:55 - 01383616 _____ () C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-27 08:56 - 2016-08-27 08:56 - 00118976 _____ () C:\Users\sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-10 09:06 - 2016-09-10 09:06 - 01495040 _____ () C:\Users\sonny\AppData\Local\Temp\mdi164.dll
2013-05-21 14:19 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2016-02-26 14:25 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05A730FD-03DE-4015-87A8-9AB8482CA559}] => (Allow) LPort=1900
FirewallRules: [{FE17A440-6144-4ABF-9D72-A7FB05D17301}] => (Allow) LPort=2869
FirewallRules: [{24A551A7-8411-4795-AB0C-7F96780E010D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55966ACB-F293-456E-A80B-28BF417007F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5526B4A0-55AB-4466-BD7D-AF8BBF7E81B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4EEB723-8123-45EC-B8E3-74536B7599EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5E66C6FF-18A9-415A-85FE-9193A4A30B3B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A7FBB38A-E2E3-492B-A247-AE813B28503E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BB9BB840-43A3-45C4-B401-425E1ADF4B73}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{ACF03570-AE1A-41A6-BC8C-B5CA533855E5}] => (Block) 127.0.0.1 lmlicenses.wip4.adobe.com
FirewallRules: [{4C2EBF76-A0A6-4C9A-9CD0-5E9EDC0FB1E9}] => (Block) 127.0.0.1 lm.licenses.adobe.com
FirewallRules: [{B3A7D8D1-4621-4A9B-AA98-BFBCC2FBA388}] => (Block) 127.0.0.1 na1r.services.adobe.com
FirewallRules: [{A5C5CC76-F444-41C2-A9CB-2199998A6BD0}] => (Block) 127.0.0.1 hlrcv.stage.adobe.com
FirewallRules: [{AEE09D33-A58E-4702-BAC0-7316459BF0E6}] => (Block) 127.0.0.1 practivate.adobe.com
FirewallRules: [{579FC2A1-66C2-4A73-94BC-7870C91FB5E5}] => (Block) 127.0.0.1 activate.adobe.com
FirewallRules: [{D0A46387-6767-4693-9B36-A399D5E67EFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E487AD9D-B107-45B4-9A99-89BB04C2366B}C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{2D8631B1-84A3-44AC-ADE8-93241E49EB98}C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sonny\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{A901CC3B-B920-423F-88F6-A2EA08EF1AB4}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C7033B27-B0EE-436B-BFB9-F2CAD1179C11}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C7124957-E97D-4DE8-BD98-F075FF3DE4FC}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5E85B88E-B2C0-471F-8234-319F293C9642}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{8C1E0AFF-0947-408D-9CA0-B34DB88CCD54}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{BB227A22-F326-48EE-95B5-E4B4562BDD31}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{602566B3-53FE-46CC-882A-E7AA074D88BD}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3D331ABD-753B-442E-911F-BAD624D19D16}] => (Allow) C:\Users\sonny\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{40BB7199-C73E-4779-B4DA-6B0441142C60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B971440C-F2B7-44C7-9938-A152205E5F57}C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Block) C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe
FirewallRules: [UDP Query User{F43DA22C-1411-4D5B-B902-950CD5D5A1B0}C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Block) C:\users\sonny\appdata\roaming\bittorrent\updates\7.9.8_42577.exe
FirewallRules: [{1D9DBEAC-64E3-476F-BCBE-0C609CACAD3F}] => (Allow) LPort=53000
FirewallRules: [{D2FE3095-A1D4-4414-A06C-ED6A22859044}] => (Allow) LPort=52000

==================== Restore Points =========================

23-08-2016 12:55:32 Installed TAL-U-NO-LX-V2 (64bit)
31-08-2016 12:54:23 Scheduled Checkpoint
09-09-2016 11:13:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2016 12:52:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/11/2016 12:52:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/11/2016 12:52:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Element App.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/11/2016 12:38:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/11/2016 12:31:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/11/2016 10:51:06 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program dwm.exe because of this error.

Program: dwm.exe
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (09/11/2016 10:51:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
Exception code: 0xc000001d
Fault offset: 0x000000000005c0a8
Faulting process id: 0x1fb4
Faulting application start time: 0x01d20bdfb7d491fc
Faulting application path: C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe
Faulting module path: C:\Users\sonny\AppData\Local\Temp\msupdate71\dwm.exe
Report Id: ec4fd240-48fa-42d1-b3d4-182422dc04c7
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/11/2016 10:47:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/11/2016 08:55:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/11/2016 07:46:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=cd918a57-a41b-4c82-8dce-1a538e221a83;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (09/11/2016 12:28:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sync Host_7b6ce0c service terminated with the following error: 
Access is denied.

Error: (09/11/2016 12:28:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_7b6ce0c service to connect.

Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_7b6ce0c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_7b6ce0c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_7b6ce0c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/11/2016 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_7b6ce0c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/11/2016 12:28:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/11/2016 11:34:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/11/2016 09:43:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/11/2016 09:15:31 AM) (Source: DCOM) (EventID: 10016) (User: Enera)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Enera\sonny SID (S-1-5-21-1350135555-1384265764-1047298360-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-09-11 12:53:51.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-11 06:59:38.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-10 21:40:56.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-10 15:03:31.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-10 10:49:48.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-10 09:24:35.634
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 09:37:01.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 06:23:39.061
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 22:25:13.412
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 09:17:56.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 83%
Total physical RAM: 1938.28 MB
Available physical RAM: 318.06 MB
Total Virtual: 3410.28 MB
Available Virtual: 1062.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:437.15 GB) (Free:378.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.58 GB) (Free:3.13 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 64170E3A)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks for those logs, continue as follows please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Zemana AntiMalware Free from the following link and save to your Desktop:

https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe
 

  • Double-click software shortcut on the desktop and follow the prompts to install the program.
  • Accept the EULA when offered.
  • If an update is available, click the Update now button.
  • At the end Click Settings (Cog wheel top r/h corner) > Advanced > "I have read the warning and wish to proceed anyway..."
  • Checkmark Auto Launch
  • UnCheckmark Auto Upload
  • Checkmark All Browser Extensions
  • Smart scan settings to replace as deep scan
  • Close all open files, folders and browsers
  • Click scan now and a threat Scan will begin.
  • When the scan is complete, Press report and post the report.


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin.

Fixlist.txt


Zemana AntiMalware 2.30.2.75 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/9/12
Operating System       : Windows 10 64-bit
Processor              : 2X Intel(R) Pentium(R) CPU 987 @ 1.50GHz
BIOS Mode              : UEFI
CUID                   : 12B480DA8846E6262BBBFD
Scan Type              : Deep Scan
Duration               : 88m 28s
Scanned Objects        : 311352
Detected Objects       : 32
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Disabled
Detect All Extensions  : Enabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Search
Status             : Scanned
Object             : 百度 - http://baidu.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search

Internet Explorer Search
Status             : Scanned
Object             : 谷歌 - http://google.cn
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search

IDM integration
Status             : Scanned
Object             : %programfiles%\internet download manager\idmmzcc2.xpi
MD5                : 7319EDC74D9669E64AC5A719C6605706
Publisher          : -
Size               : 30345
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - IDM integration
                File - %programfiles%\internet download manager\idmmzcc2.xpi

Default
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
MD5                : C04379738E3FF06EA16A458584926CF6
Publisher          : -
Size               : 4869
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Default
                File - %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

Firefox Hello Beta
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi
MD5                : A419392CEDF0CB2348EBF889E72F3753
Publisher          : -
Size               : 1582919
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Firefox Hello Beta
                File - %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi

IDM Integration Module
Status             : Scanned
Object             : %programfiles%\internet download manager\idmgcext.crx
MD5                : 9C97A41F342EFC1FC23F9623B1BD32D2
Publisher          : -
Size               : 66997
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - IDM Integration Module
                File - %programfiles%\internet download manager\idmgcext.crx

jeaohhlajejodfjadcponpnjgkiikocn
Status             : Scanned
Object             : %programfiles%\internet download manager\idmgcext.crx
MD5                : 9C97A41F342EFC1FC23F9623B1BD32D2
Publisher          : -
Size               : 66997
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - jeaohhlajejodfjadcponpnjgkiikocn
                File - %programfiles%\internet download manager\idmgcext.crx

Chrome Media Router
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Chrome Media Router

Gmail
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Gmail

Chrome Web Store Payments
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Chrome Web Store Payments

IDM Integration Module
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\ngpampappnmepgilojfohadhhmbhlaek
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - IDM Integration Module

Google Docs Offline
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Docs Offline

Google Sheets
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Sheets

YouTube
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - YouTube

Google Drive
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Drive

Google Docs
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Docs

Google Slides
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Slides

Adware:BAT/Generic-DJ!Intr
Status             : Scanned
Object             : %systemroot%\system32\tasks\gohfet|c:\progra~1\shoppe~1\acifa.bat
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Unwanted Batch File
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\WINDOWS\System32\Tasks\Gohfet

arturia_moog_modularv_v2.x_keyen.exe
Status             : Scanned
Object             : %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.moog.modular.v.vsti.rtas.v2.5.incl.keygen-air\arturia_moog_modularv_v2.x_keyen.exe
MD5                : FE2E46585DDF6D6475CDCD50303E0D92
Publisher          : -
Size               : 7515648
Version            : -
Detection          : Malware:Win32/Generic!Raee
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.moog.modular.v.vsti.rtas.v2.5.incl.keygen-air\arturia_moog_modularv_v2.x_keyen.exe

arturia_jupiter8v_v2.x_keygen.exe
Status             : Scanned
Object             : %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.jupiter8.v.vsti.rtas.v2.0.incl.keygen-air\arturia_jupiter8v_v2.x_keygen.exe
MD5                : A7B1B28190637E808BCC355329C1F390
Publisher          : -
Size               : 7161344
Version            : -
Detection          : Malware:Win32/Generic!Mlte
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.jupiter8.v.vsti.rtas.v2.0.incl.keygen-air\arturia_jupiter8v_v2.x_keygen.exe

arturia_brass_v2.x_keygen.exe
Status             : Scanned
Object             : %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.brass.vsti.rtas.v2.0.5.incl.keygen-air\arturia_brass_v2.x_keygen.exe
MD5                : 244A3B567673A8AF853BA31D29BF14B4
Publisher          : -
Size               : 7529984
Version            : -
Detection          : Malware:Win32/Generic!Ieak
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\arturia.v.collection.2010.v2.0+presets.incl.keygen-air\arturia.brass.vsti.rtas.v2.0.5.incl.keygen-air\arturia_brass_v2.x_keygen.exe

mdi164.dll
Status             : Scanned
Object             : %temp%\mdi164.dll
MD5                : 03723CEA977FC5E6CE1E15FB29B34AC3
Publisher          : -
Size               : 1495040
Version            : -
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\mdi164.dll
                DLL - 4612 - C:\Windows\SysWOW64\rundll32.exe
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\tsiVideo = C:\WINDOWS\SysWOW64\rundll32.exe C:\Users\sonny\AppData\Local\Temp\mdi164.dll,fwnewsdf

SppExtComObjHook.dll
Status             : Scanned
Object             : %systemroot%\system32\sppextcomobjhook.dll
MD5                : A1BFB666F2FD085567FD7F10AA9EE0EB
Publisher          : -
Size               : 15360
Version            : -
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\sppextcomobjhook.dll

SppExtComObjPatcher.exe
Status             : Scanned
Object             : %systemroot%\system32\sppextcomobjpatcher.exe
MD5                : 0BF6FC2387197DF2142EB9709AE74D55
Publisher          : WZT
Size               : 8336
Version            : -
Detection          : Adware:Win32/AutoBulk.c3eddc!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\sppextcomobjpatcher.exe

SECOH-QAD.dll
Status             : Scanned
Object             : %systemroot%\secoh-qad.dll
MD5                : 6D7FDBF9CEAC51A76750FD38CF801F30
Publisher          : -
Size               : 3584
Version            : -
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\secoh-qad.dll

mdi064.dll
Status             : Scanned
Object             : %temp%\mdi064.dll
MD5                : 03723CEA977FC5E6CE1E15FB29B34AC3
Publisher          : -
Size               : 1495040
Version            : -
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\mdi064.dll

key.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$ronfrbk\key.exe
MD5                : F452B429AAF8DDD22C863FA1E8B445EB
Publisher          : -
Size               : 59904
Version            : -
Detection          : Malware:Win32/Cognito.A!Clti
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$ronfrbk\key.exe

key.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rjvtosc\key.exe
MD5                : F452B429AAF8DDD22C863FA1E8B445EB
Publisher          : -
Size               : 59904
Version            : -
Detection          : Malware:Win32/Cognito.A!Clti
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rjvtosc\key.exe

keygen-step-3.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-step-3.exe
MD5                : D98926635EB31884DAB561A87E3FAAF2
Publisher          : -
Size               : 688640
Version            : -
Detection          : Adware:Win32/Obfus.A!Meic
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-step-3.exe

keygen-pr.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-pr.exe
MD5                : 3A82E425E5086FD8072C5B1862B8906F
Publisher          : -
Size               : 1827316
Version            : -
Detection          : Malware:Win32/Tamaca!Tter
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$rl1ejwb\keygen-pr.exe

keygen-pr.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-pr.exe
MD5                : 3A82E425E5086FD8072C5B1862B8906F
Publisher          : -
Size               : 1827316
Version            : -
Detection          : Malware:Win32/Tamaca!Tter
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-pr.exe

keygen-step-3.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-step-3.exe
MD5                : D98926635EB31884DAB561A87E3FAAF2
Publisher          : -
Size               : 688640
Version            : -
Detection          : Adware:Win32/Obfus.A!Meic
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1350135555-1384265764-1047298360-1001\$r4s70w8\keygen-step-3.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 32
Reported as safe      : 0
Failed                : 0

# AdwCleaner v6.010 - Logfile created 12/09/2016 at 19:06:28
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-11.2 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : sonny - ENERA
# Running from : C:\Users\sonny\Downloads\Programs\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\uninst


***** [ Files ] *****

[-] File deleted: C:\Users\sonny\AppData\Roaming\Mozilla\Firefox\Profiles\rn7e45hk.default\invalidprefs.js


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.bmp
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.dib
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.emf
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.exif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.gif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.ico
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jfif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpe
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpeg
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpg
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.png
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.tif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.tiff
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.wmf
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Reg\Clean
[#] Key deleted on reboot: HKCU\Software\Reg\Clean
[-] Key deleted: HKLM\SOFTWARE\Reg\Clean
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3165 Bytes] - [12/09/2016 19:06:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [3316 Bytes] - [12/09/2016 18:58:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3311 Bytes] ##########

# AdwCleaner v6.010 - Logfile created 12/09/2016 at 18:58:39
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-11.2 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : sonny - ENERA
# Running from : C:\Users\sonny\Downloads\Programs\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\uninst


***** [ Files ] *****

File Found:  C:\Users\sonny\AppData\Roaming\Mozilla\Firefox\Profiles\rn7e45hk.default\invalidprefs.js


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\MTview.bmp
Key Found:  HKLM\SOFTWARE\Classes\MTview.dib
Key Found:  HKLM\SOFTWARE\Classes\MTview.emf
Key Found:  HKLM\SOFTWARE\Classes\MTview.exif
Key Found:  HKLM\SOFTWARE\Classes\MTview.gif
Key Found:  HKLM\SOFTWARE\Classes\MTview.ico
Key Found:  HKLM\SOFTWARE\Classes\MTview.jfif
Key Found:  HKLM\SOFTWARE\Classes\MTview.jpe
Key Found:  HKLM\SOFTWARE\Classes\MTview.jpeg
Key Found:  HKLM\SOFTWARE\Classes\MTview.jpg
Key Found:  HKLM\SOFTWARE\Classes\MTview.png
Key Found:  HKLM\SOFTWARE\Classes\MTview.tif
Key Found:  HKLM\SOFTWARE\Classes\MTview.tiff
Key Found:  HKLM\SOFTWARE\Classes\MTview.wmf
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found:  HKU\S-1-5-21-1350135555-1384265764-1047298360-1001\Software\Reg\Clean
Key Found:  HKCU\Software\Reg\Clean
Key Found:  HKLM\SOFTWARE\Reg\Clean
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3156 Bytes] - [12/09/2016 18:58:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3229 Bytes] ##########

2016-09-12 05:40:21.141    Sophos Virus Removal Tool version 2.5.6
2016-09-12 05:40:21.141    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2016-09-12 05:40:21.141    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-09-12 05:40:21.141    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-09-12 05:40:21.157    Checking for updates...
2016-09-12 05:40:21.657    Update progress: proxy server not available
2016-09-12 05:40:52.675    Option all = no
2016-09-12 05:40:52.675    Option recurse = yes
2016-09-12 05:40:52.706    Option archive = no
2016-09-12 05:40:52.706    Option service = yes
2016-09-12 05:40:52.706    Option confirm = yes
2016-09-12 05:40:52.706    Option sxl = yes
2016-09-12 05:40:52.706    Option max-data-age = 35
2016-09-12 05:40:52.706    Option vdl-logging = yes
2016-09-12 05:40:52.706    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-09-12 05:40:52.706    Machine ID:    5610c4b7cf55486183edf6984366a0d1
2016-09-12 05:40:52.753    Component SVRTcli.exe version 2.5.6
2016-09-12 05:40:52.753    Component control.dll version 2.5.6
2016-09-12 05:40:52.753    Component SVRTservice.exe version 2.5.6
2016-09-12 05:40:52.753    Component engine\osdp.dll version 1.44.1.2252
2016-09-12 05:40:52.753    Component engine\veex.dll version 3.65.2.2252
2016-09-12 05:40:52.753    Component engine\savi.dll version 9.0.1.2252
2016-09-12 05:40:52.831    Component rkdisk.dll version 1.5.30.0
2016-09-12 05:40:52.831    Version info:    Product version    2.5.6
2016-09-12 05:40:52.831    Version info:    Detection engine    3.65.2
2016-09-12 05:40:52.831    Version info:    Detection data    5.31
2016-09-12 05:40:52.831    Version info:    Build date    06/09/2016
2016-09-12 05:40:52.831    Version info:    Data files added    172
2016-09-12 05:40:52.831    Version info:    Last successful update    (not yet updated)
2016-09-12 05:50:40.342    Downloading updates...
2016-09-12 05:50:40.358    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2016-09-12 05:50:40.358    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-09-12 05:50:40.358    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-09-12 05:50:40.358    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2016-09-12 05:50:40.358    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I49502] sdds.data0910.xml: found supplement IDE532 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2016-09-12 05:50:40.358    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE532 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE532 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product IDE532 LATEST path=]
2016-09-12 05:50:40.358    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE533 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=]
2016-09-12 05:50:40.358    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path=
2016-09-12 05:50:40.358    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-09-12 05:50:42.108    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2016-09-12 05:50:42.108    Update progress: [I19463] Product download size 151406551 bytes
2016-09-12 05:51:20.808    Update progress: [I19463] Syncing product IDE532 LATEST path=
2016-09-12 05:51:20.808    Update progress: [I19463] Product download size 1832805 bytes
2016-09-12 05:51:23.777    Update progress: [I19463] Syncing product IDE533 LATEST path=
2016-09-12 05:51:23.777    Update progress: [I19463] Product download size 384365 bytes
2016-09-12 05:51:24.370    Update progress: [I19463] Syncing product IDE534 LATEST path=
2016-09-12 05:51:24.433    Installing updates...
2016-09-12 05:51:26.511    Error level 1
2016-09-12 05:52:06.562    Update successful
2016-09-12 05:52:23.038    Option all = no
2016-09-12 05:52:23.038    Option recurse = yes
2016-09-12 05:52:23.038    Option archive = no
2016-09-12 05:52:23.038    Option service = yes
2016-09-12 05:52:23.038    Option confirm = yes
2016-09-12 05:52:23.038    Option sxl = yes
2016-09-12 05:52:23.038    Option max-data-age = 35
2016-09-12 05:52:23.038    Option vdl-logging = yes
2016-09-12 05:52:23.069    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-09-12 05:52:23.069    Machine ID:    5610c4b7cf55486183edf6984366a0d1
2016-09-12 05:52:23.085    Component SVRTcli.exe version 2.5.6
2016-09-12 05:52:23.085    Component control.dll version 2.5.6
2016-09-12 05:52:23.085    Component SVRTservice.exe version 2.5.6
2016-09-12 05:52:23.085    Component engine\osdp.dll version 1.44.1.2252
2016-09-12 05:52:23.085    Component engine\veex.dll version 3.65.2.2252
2016-09-12 05:52:23.085    Component engine\savi.dll version 9.0.1.2252
2016-09-12 05:52:23.085    Component rkdisk.dll version 1.5.30.0
2016-09-12 05:52:23.085    Version info:    Product version    2.5.6
2016-09-12 05:52:23.085    Version info:    Detection engine    3.65.2
2016-09-12 05:52:23.085    Version info:    Detection data    5.31
2016-09-12 05:52:23.085    Version info:    Build date    06/09/2016
2016-09-12 05:52:23.085    Version info:    Data files added    172
2016-09-12 05:52:23.085    Version info:    Last successful update    12/09/2016 12:52:06

2016-09-12 06:26:47.154    Could not open C:\hiberfil.sys
2016-09-12 06:26:56.498    Could not open C:\pagefile.sys
2016-09-12 07:18:19.050    Could not open C:\swapfile.sys
2016-09-12 07:21:56.328    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:21:56.328    Could not open C:\System Volume Information\{7eb90976-7638-11e6-bf7b-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:21:56.343    Could not open C:\System Volume Information\{7eb9099d-7638-11e6-bf7b-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:21:56.343    Could not open C:\System Volume Information\{837cdcb9-6d97-11e6-bf79-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:21:56.343    Could not open C:\System Volume Information\{a2c3c268-6874-11e6-bf77-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:21:56.343    Could not open C:\System Volume Information\{bd5ed4e6-77e0-11e6-bf7e-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:21:56.343    Could not open C:\System Volume Information\{bd5ed581-77e0-11e6-bf7e-a0481c221f2a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-09-12 07:23:15.516    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
2016-09-12 07:23:15.516    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
2016-09-12 07:23:15.516    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
2016-09-12 07:23:15.516    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
2016-09-12 07:23:15.516    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
2016-09-12 07:23:15.532    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
2016-09-12 07:23:15.532    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
2016-09-12 07:23:15.532    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
2016-09-12 07:23:15.532    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
2016-09-12 07:23:15.532    Could not open C:\Users\sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
2016-09-12 07:39:30.687    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-09-12 07:39:30.690    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-09-12 07:39:39.331    Could not open C:\Windows\System32\config\BBI
2016-09-12 07:39:39.558    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-09-12 07:39:39.568    Could not open C:\Windows\System32\config\RegBack\SAM
2016-09-12 07:39:39.570    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-09-12 07:39:39.600    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-09-12 07:39:39.612    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-09-12 10:17:58.733    Could not check F:\Cataloque Product\Cegelec File\BECK UP  SERVER\PT INDOKOMAS\REQUEST_TOOL\COMMISIONING P BALMER\E11 WS 304 TOOLS BOX ELECTRIK FACOM.xls (corrupt)
2016-09-12 10:17:59.186    Could not check F:\Cataloque Product\Cegelec File\BECK UP  SERVER\PT INDOKOMAS\REQUEST_TOOL\CONOCO M0117 01\E12 WS 173 TOOLS BOX ELECTRIK.xls (corrupt)
2016-09-12 10:20:05.318    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tool Box (BIH)\Standard Tool\TOOL BOX-2012.xls (corrupt)
2016-09-12 10:20:06.115    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\TB C 04  TUNU 11.xls (corrupt)
2016-09-12 10:20:06.177    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\TB C 04  WS  07.xls (corrupt)
2016-09-12 10:20:06.224    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\TB C 04  WS  11.xls (corrupt)
2016-09-12 10:20:06.271    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\TB C 04  WS  I.xls (corrupt)
2016-09-12 10:20:06.318    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\TB C 04  WS 24.xls (corrupt)
2016-09-12 10:20:06.334    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\TB C 04 E 03058.xls (corrupt)
2016-09-12 10:20:06.349    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\WS  A.xls (corrupt)
2016-09-12 10:20:06.412    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\WS  E 03546.xls (corrupt)
2016-09-12 10:20:06.459    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\WS - 16.xls (corrupt)
2016-09-12 10:20:06.506    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\WS 02.xls (corrupt)
2016-09-12 10:20:06.537    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 04  Storage ( 2008 )\WS 17.xls (corrupt)
2016-09-12 10:20:06.584    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\C 06 -- 02.xls (corrupt)
2016-09-12 10:20:06.615    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\CONTOH TB BLK PAPAN.xls (corrupt)
2016-09-12 10:20:06.631    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 01348 B.xls (corrupt)
2016-09-12 10:20:06.677    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 01348.xls (corrupt)
2016-09-12 10:20:06.709    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 01460.xls (corrupt)
2016-09-12 10:20:06.740    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 06 -- 259  ( RED ).xls (corrupt)
2016-09-12 10:20:06.756    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 06 -- 265.xls (corrupt)
2016-09-12 10:20:06.771    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 07 -- 14.xls (corrupt)
2016-09-12 10:20:06.818    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  10     (  electrical )xls.xls (corrupt)
2016-09-12 10:20:06.990    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  26     (  electrical )xls.xls (corrupt)
2016-09-12 10:20:07.162    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  27    (  electrical )xls.xls (corrupt)
2016-09-12 10:20:07.334    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  28    (  instrument l )xls.xls (corrupt)
2016-09-12 10:20:07.490    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  51    (  electrical )xls.xls (corrupt)
2016-09-12 10:20:07.646    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  51.    (  electrical )xls.xls (corrupt)
2016-09-12 10:20:07.787    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  52    (  electrical )xls.xls (corrupt)
2016-09-12 10:20:07.943    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 --  53    (  electrical )xls.xls (corrupt)
2016-09-12 10:20:08.068    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 03    (  instrument )xls.xls (corrupt)
2016-09-12 10:20:08.209    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 05     (  instrument )xls.xls (corrupt)
2016-09-12 10:20:08.334    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 06     (  instrument )xls.xls (corrupt)
2016-09-12 10:20:08.459    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 07     (  instrument )xls.xls (corrupt)
2016-09-12 10:20:08.584    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 08     (  electrical )xls.xls (corrupt)
2016-09-12 10:20:08.678    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 09     (  electrical )xls.xls (corrupt)
2016-09-12 10:20:08.803    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\E 08 -- 222     (  instrument )xls.xls (corrupt)
2016-09-12 10:20:08.896    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 06 -- 259 ( electrical ) .xls (corrupt)
2016-09-12 10:20:09.006    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 06 --258 ( electrical ).xls (corrupt)
2016-09-12 10:20:09.099    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 06 --266.( electrical ).xls (corrupt)
2016-09-12 10:20:09.209    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 06 --266.( electrical )4 JUNE 08.xls (corrupt)
2016-09-12 10:20:09.303    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 07 -- 02 ( Electrical )2 JUNE 08.xls (corrupt)
2016-09-12 10:20:09.365    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 08 -- 01  .Bp maintenance.xls (corrupt)
2016-09-12 10:20:09.459    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 08 -- 01 ( Instrument ).KRISI xls.xls (corrupt)
2016-09-12 10:20:09.537    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 08 -- 01 ( Instrument ).xls (corrupt)
2016-09-12 10:20:09.615    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 08 -- 02. (Electrical )xls.xls (corrupt)
2016-09-12 10:20:09.662    Could not check F:\Cataloque Product\Cegelec File\Bidni\Content Tool of Box (BIH)\Tools Box C 06 Storage ( 2008 )\TB E 08 -- 03  .Bp  M 004.xls (corrupt)
2016-09-12 10:20:10.209    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\LIST TOOL INST AND ELECT IBP-Tangguh.xls (corrupt)
2016-09-12 10:20:10.256    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\STANDAR TOOLS BOX ELECTRICAL  MECANICAL INSTRUMENT DAN TELKOM\TOOLS BOX SET\TOOLS BOX  MECHANICAL.xls (corrupt)
2016-09-12 10:20:10.271    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\STANDAR TOOLS BOX ELECTRICAL  MECANICAL INSTRUMENT DAN TELKOM\TOOLS BOX SET\TOOLS BOX ELECTRIC.xls (corrupt)
2016-09-12 10:20:10.287    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\STANDAR TOOLS BOX ELECTRICAL  MECANICAL INSTRUMENT DAN TELKOM\TOOLS BOX SET\TOOLS BOX INSTRUMENT.xls (corrupt)
2016-09-12 10:20:10.303    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\STANDAR TOOLS BOX ELECTRICAL  MECANICAL INSTRUMENT DAN TELKOM\TOOLS BOX SET\TOOLS BOX TELKOM.xls (corrupt)
2016-09-12 10:20:10.318    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\Tool Tangguh.xlsx (corrupt)
2016-09-12 10:20:10.349    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\Tool Tangguh1.xlsx (corrupt)
2016-09-12 10:20:10.396    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 302     ADARO.xls (corrupt)
2016-09-12 10:20:10.396    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 305     ADARO.xls (corrupt)
2016-09-12 10:20:10.428    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 307     ADARO.xls (corrupt)
2016-09-12 10:20:10.443    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 309     ADARO.xls (corrupt)
2016-09-12 10:20:10.443    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 311     ADARO.xls (corrupt)
2016-09-12 10:20:10.459    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 312     ADARO.xls (corrupt)
2016-09-12 10:20:10.475    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 315     ADARO.xls (corrupt)
2016-09-12 10:20:10.490    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 316     ADARO.xls (corrupt)
2016-09-12 10:20:10.506    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 318     ADARO.xls (corrupt)
2016-09-12 10:20:10.537    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL  FACOM  E 11 WS 83  CONOCO.xls (corrupt)
2016-09-12 10:20:10.553    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  ELECTRICAL FACOM  E 11 WS 313      ADARO.xls (corrupt)
2016-09-12 10:20:10.553    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  MECANICAL  FACOM  E 11 WS 295      ADARO.xls (corrupt)
2016-09-12 10:20:10.568    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  MECANICAL  FACOM  E 11 WS 298      ADARO.xls (corrupt)
2016-09-12 10:20:10.584    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  MECANICAL  FACOM  E 11 WS 299      ADARO.xls (corrupt)
2016-09-12 10:20:10.600    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  MECANICAL  FACOM  E 11 WS 301      ADARO.xls (corrupt)
2016-09-12 10:20:10.615    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX  MECANICAL  FACOM  E 11 WS 314      ADARO.xls (corrupt)
2016-09-12 10:20:10.631    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX ELECTRICAL FACOM     E11 WS 306     COMMISSIONING.xls (corrupt)
2016-09-12 10:20:10.631    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX ELECTRICAL FACOM     E11 WS 308     COMMISSIONING.xls (corrupt)
2016-09-12 10:20:10.662    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX ELECTRICAL FACOM     E11 WS 310     COMMISSIONING.xls (corrupt)
2016-09-12 10:20:10.678    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX ELECTRICAL FACOM     E11 WS 317     COMMISSIONING.xls (corrupt)
2016-09-12 10:20:10.678    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX  GENERAL  ( FACOM )\TOOLS BOX ELECTRICAL FACOM     E11 WS 319     COMMISSIONING.xls (corrupt)
2016-09-12 10:20:10.693    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX & GB\TOOLS BOX  MECANICAL  FACOM.xls (corrupt)
2016-09-12 10:20:10.725    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX & GB\TOOLS BOX ELECTRICAL  FACOM.xls (corrupt)
2016-09-12 10:20:10.756    Could not check F:\Cataloque Product\Cegelec File\Bidni\ISI TOOL BOX\TOOLS BOX & GB\TOOLS BOX INSTRUMENT FACOM.xls (corrupt)
2016-09-12 10:20:42.570    Could not check F:\Cataloque Product\Cegelec File\INVOICE__ALL 13\INVOICE\INVOICE TOOL\INVOICE 2013\GIS BANDARA BALI       T0119 01\34C64000 (corrupt)
2016-09-12 11:02:55.425    >>> Virus 'Troj/Agent-AEEN' found in file F:\Software\Adobe\Adobe Illustrator CC 17.1 Final Multilanguage [ChingLiu]\crack\Adobe.CC.Anticloud.exe
2016-09-12 11:08:54.558    >>> Virus 'Troj/Agent-WFN' found in file F:\Software\PowerISO FULL 6.6 + Crack [TechTools.NET]\PowerISO FULL 6.6 + Crack [TechTools.NET]\Patch\poweriso.6.2.0.0-patch.exe
2016-09-12 11:09:06.998    >>> Virus 'Troj/Agent-WFN' found in file F:\Software\PowerISO FULL 6.6 + Crack [TechTools.NET]\PowerISO FULL 6.6 + Crack [TechTools.NET]\Patch\poweriso.6.2.0.0.patch-knd.zip
2016-09-12 11:29:19.171    The following items will be cleaned up:
2016-09-12 11:29:19.171    Troj/Agent-AEEN
2016-09-12 11:29:19.171    Troj/Agent-WFN
 

Sample 5.jpg


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
