Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by adam (administrator) on ADAM-VAIO (12-06-2016 03:00:18)
Running from C:\Users\adam\Desktop
Loaded Profiles: adam (Available Profiles: adam)
Platform: Windows 7 Home Premium (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Faronics Corporation) C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Adblock Pro Team) C:\Program Files\Adblock Pro\abpmain.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Robert Misiak) C:\Program Files (x86)\ChronosXP\ChronosXP.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Faronics Corporation) C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [adblock pro] => C:\Program Files\Adblock Pro\abpmain.exe [602112 2010-06-30] (Adblock Pro Team)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3933392 2016-02-11] (Tonec Inc.)
HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\Run: [ChronosXP] => C:\Program Files (x86)\ChronosXP\ChronosXP.exe [599040 2009-04-12] (Robert Misiak)
HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\MountPoints2: {462e1294-49ef-11e5-91d1-c44619b4705a} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\MountPoints2: {a4803c66-3c49-11e4-8c54-c44619b4705a} - E:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk /k:C *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131054094815536768&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2800183623-575756498-154981772-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
HKU\S-1-5-21-2800183623-575756498-154981772-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.teoma.com/?tpid=ARS2-TMG&o=APN11170&pf=V7&trgb=IE&p2=%5ECGT%5EYYYYYY%5ECW%5EES&gct=hp&apn_ptnrs=%5ECGT&apn_dtid=%5EYYYYYY%5ECW%5EES&apn_dbr=iexplore.exe_0_8.0.7600.16385&apn_uid=0FB13A64-B6D2-4DED-BB00-B49FA9F6FFCC&itbv=12.40.4.66&doi=2016-05-10&psv=&pt=tb
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2800183623-575756498-154981772-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2800183623-575756498-154981772-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2800183623-575756498-154981772-1000 -> {3B3C9D35-9BB0-436E-94DC-70C33EC11BC7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2800183623-575756498-154981772-1000 -> {438FD3B4-F8DC-4029-94DF-E207575B533B} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2800183623-575756498-154981772-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-05-23] (Sun Microsystems, Inc.)
BHO: Adblock Pro -> {F385C231-605B-4d8f-ACA9-DBFF765BBE17} -> C:\Program Files\Adblock Pro\AdblockPro.dll [2010-07-01] (Adblock Pro Team)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Aplicación auxiliar de inicio de sesión -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-05-23] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2800183623-575756498-154981772-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-05-06] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-05-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-05-06] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-05-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\adam\AppData\Roaming\Mozilla\Firefox\Profiles\5y32pq5i.default
FF SearchEngineOrder.3: Bing
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2006-12-13] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\MediaDICO-fr.xml [2006-09-06]
FF Extension: IDM CC - C:\Users\adam\AppData\Roaming\IDM\idmmzcc5 [2016-06-12] [not signed]
FF Extension: Talkback - C:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org [2014-08-19] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\adam\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\adam\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-2800183623-575756498-154981772-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2006-12-05]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2006-12-13]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2006-12-05]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2006-12-05]

Chrome:
=======
CHR Profile: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentaciones de Google) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-10]
CHR Extension: (Google Docs) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-10]
CHR Extension: (Google Drive) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-10]
CHR Extension: (YouTube) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-10]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-10]
CHR Extension: (Skype) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-10]
CHR Extension: (IDM Integration Module) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-06-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
CHR Extension: (Gmail) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1073664 2010-05-20] (Faronics Corporation) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2015-02-04] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [227352 2010-05-20] (Faronics Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel(R) Corporation) [File not signed]
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2016-04-15] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-10] ()
S3 catchme; \??\C:\Users\adam\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 03:00 - 2016-06-12 03:01 - 00020704 _____ C:\Users\adam\Desktop\FRST.txt
2016-06-12 03:00 - 2016-06-12 03:00 - 00000000 ____D C:\FRST
2016-06-12 02:58 - 2016-06-12 02:58 - 02385408 _____ (Farbar) C:\Users\adam\Desktop\FRST64.exe
2016-06-11 21:15 - 2016-06-11 21:15 - 00109617 _____ C:\Users\adam\Desktop\ZHPDiag.txt
2016-06-11 19:16 - 2016-06-11 19:16 - 00003240 _____ C:\Users\adam\Desktop\ZHPFix[R10].txt
2016-06-11 15:52 - 2016-06-11 15:52 - 03521617 _____ (Nicolas Coolman ) C:\Users\adam\Desktop\ZHPFix (2).exe
2016-06-11 15:52 - 2016-06-11 15:52 - 00001849 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-06-11 15:52 - 2016-06-11 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-06-11 15:51 - 2016-06-11 15:52 - 03521617 _____ (Nicolas Coolman ) C:\Users\adam\Downloads\ZHPFix (2).exe
2016-06-11 15:15 - 2016-06-11 15:15 - 03521617 _____ (Nicolas Coolman ) C:\Users\adam\Downloads\ZHPFix (1).exe
2016-06-11 15:14 - 2016-06-11 15:15 - 03521617 _____ (Nicolas Coolman ) C:\Users\adam\Downloads\ZHPFix.exe
2016-06-11 13:26 - 2016-06-11 13:26 - 08367364 _____ C:\Users\adam\Desktop\الأدلة الأورموس.rar
2016-06-11 06:29 - 2016-06-11 06:29 - 00416829 _____ C:\Users\adam\Desktop\التطعيمات هل هى فعلا امنة وفعالة؟.pdf
2016-06-11 01:52 - 2016-06-07 21:58 - 00036864 _____ C:\Users\adam\Desktop\برنامج حساب الاحرف الفعلية الطبائعية للشيخ سعيد سلام.exe
2016-06-10 17:59 - 2016-06-10 17:59 - 02213888 _____ C:\Users\adam\Desktop\ZHPDiag3_2.exe
2016-06-10 17:22 - 2016-06-10 22:11 - 00000000 ____D C:\Users\adam\Desktop\SalityKiller
2016-06-10 17:21 - 2016-06-10 17:21 - 00170498 _____ C:\Users\adam\Desktop\SalityKiller.rar
2016-06-10 16:57 - 2016-06-11 15:52 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-06-10 16:16 - 2016-06-10 17:58 - 02215424 _____ C:\Users\adam\ZHPDiag3.exe
2016-06-10 16:01 - 2016-06-10 16:35 - 1477363712 ____R C:\Users\adam\Downloads\[ www.CpasBien.pw ] X-Men.Days.of.Future.Past.2014.ROGUE.CUT.FRENCH.BDRiP.XviD-ZT.avi
2016-06-10 16:01 - 2016-06-10 16:01 - 00113411 _____ C:\Users\adam\Downloads\[kat.cr]x.men.days.of.future.past.2014.rogue.cut.french.bdrip.xvid.zt.avi.torrent
2016-06-10 16:00 - 2016-06-10 16:00 - 00056895 _____ C:\Users\adam\Downloads\[kat.cr]teenage.mutant.ninja.turtles.2014.french.bdrip.xvid.glups.torrent
2016-06-10 16:00 - 2016-06-10 16:00 - 00000000 ____D C:\Users\adam\Downloads\[www.Cpasbien.pe] Teenage.Mutant.Ninja.Turtles.2014.FRENCH.BDRip.XviD-GLUPS
2016-06-10 07:01 - 2016-06-10 07:01 - 00000000 ____D C:\ProgramData\IDM
2016-06-10 06:58 - 2016-06-10 06:27 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-06-10 06:32 - 2016-06-11 12:44 - 00000000 ____D C:\Users\adam\AppData\Local\CrashDumps
2016-06-10 06:27 - 2016-06-10 07:00 - 00000000 ____D C:\zoek_backup
2016-06-09 17:36 - 2016-06-10 19:07 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-09 17:33 - 2016-06-09 17:33 - 19906632 _____ C:\Users\adam\Desktop\RogueKiller.exe
2016-06-09 17:33 - 2016-06-09 17:33 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-09 17:17 - 2016-06-09 20:12 - 00000000 ____D C:\AdwCleaner
2016-06-09 17:17 - 2016-06-09 17:17 - 03677248 _____ C:\Users\adam\Desktop\AdwCleaner.exe
2016-06-09 17:05 - 2016-06-09 17:05 - 01610816 _____ (Malwarebytes) C:\Users\adam\Desktop\JRT_2.exe
2016-06-09 16:06 - 2016-06-11 19:52 - 00000000 ____D C:\Users\adam\AppData\Roaming\ZHP
2016-06-09 16:06 - 2016-06-10 16:16 - 00000663 _____ C:\Users\adam\Desktop\ZHPDiag.lnk
2016-06-09 16:04 - 2016-06-09 16:05 - 02213888 _____ C:\Users\adam\Desktop\ZHPDiag3.exe
2016-06-09 15:29 - 2016-06-09 15:47 - 728587268 ____R C:\Users\adam\Downloads\[ www.CpasBien.cm ] Kill.Command.2016.FRENCH.BDRip.XviD-EXTREME.avi
2016-06-09 15:29 - 2016-06-09 15:29 - 00058208 _____ C:\Users\adam\Downloads\identify-kill-command-french-dvdrip-2016.torrent
2016-06-09 15:28 - 2016-06-09 15:31 - 1522614634 _____ C:\Users\adam\Downloads\[ www.CpasBien.cm ] Never.Back.Down.No.Surrender.2016.FRENCH.WEBRiP.XViD.AC3-GODSPACE.avi
2016-06-09 15:27 - 2016-06-09 15:27 - 00118812 _____ C:\Users\adam\Downloads\never-back-down-no-surrender-french-webrip-2016.torrent
2016-06-09 15:25 - 2016-06-09 15:41 - 728758332 ____R C:\Users\adam\Downloads\[ www.CpasBien.cm ] London.Has.Fallen.2016.FRENCH.BDRip.XviD-EXTREME.avi
2016-06-09 15:24 - 2016-06-09 15:24 - 00058213 _____ C:\Users\adam\Downloads\la-chute-de-londres-french-dvdrip-2016.torrent
2016-06-09 15:24 - 2016-06-09 15:24 - 00058213 _____ C:\Users\adam\Downloads\la-chute-de-londres-french-dvdrip-2016 (1).torrent
2016-06-09 13:56 - 2016-06-09 13:56 - 00003544 ____N C:\bootsqm.dat
2016-06-04 09:00 - 2016-05-23 01:13 - 00000000 ____D C:\Users\adam\Desktop\مخطوط الفوائد الاثريه المغربيه رقم1
2016-05-27 23:32 - 2016-05-27 23:32 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-27 23:32 - 2016-05-27 23:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-27 23:32 - 2016-05-27 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-27 23:32 - 2016-05-27 23:32 - 00000000 ____D C:\Program Files\CCleaner
2016-05-15 21:34 - 2016-05-15 21:59 - 754026004 ____R C:\Users\adam\Downloads\[ www.CpasBien.cm ] Risen.2016.FRENCH.BDRip.XViD-eVe.avi
2016-05-15 21:34 - 2016-05-15 21:34 - 00060137 _____ C:\Users\adam\Downloads\la-resurrection-du-christ-french-dvdrip-2016.torrent
2016-05-15 21:32 - 2016-05-15 22:00 - 729041196 _____ C:\Users\adam\Downloads\[ www.CpasBien.cm ] The.Trust.2016.FRENCH.BDRip.XviD-EXTREME.avi
2016-05-15 21:32 - 2016-05-15 21:32 - 00058245 _____ C:\Users\adam\Downloads\the-trust-french-dvdrip-2016.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 03:00 - 2009-07-14 06:45 - 00019808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 03:00 - 2009-07-14 06:45 - 00019808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 02:57 - 2014-05-24 15:24 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{032604FB-659B-4B42-BC43-6FA46EADF1AB}
2016-06-12 02:57 - 2014-05-23 23:33 - 00734600 _____ C:\Windows\system32\perfh00A.dat
2016-06-12 02:57 - 2014-05-23 23:33 - 00156710 _____ C:\Windows\system32\perfc00A.dat
2016-06-12 02:57 - 2009-07-14 07:13 - 01669262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 02:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-12 02:56 - 2015-07-25 18:09 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-12 02:54 - 2014-05-23 22:59 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 02:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 00:34 - 2015-07-12 16:02 - 00000000 ____D C:\Users\adam\AppData\Roaming\DMCache
2016-06-12 00:15 - 2014-05-23 22:59 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 00:10 - 2015-07-25 18:09 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-11 13:46 - 2016-03-21 21:13 - 00000000 ____D C:\Users\adam\Desktop\2016
2016-06-11 11:33 - 2015-08-20 13:54 - 00000000 ____D C:\Users\adam\AppData\LocalLow\Temp
2016-06-10 22:12 - 2009-07-14 04:34 - 00000219 _____ C:\Windows\system.ini
2016-06-10 17:58 - 2014-05-24 15:22 - 00000000 ____D C:\Users\adam
2016-06-10 06:48 - 2014-08-19 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-09 17:22 - 2014-05-23 22:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-09 17:05 - 2016-03-08 19:05 - 00000000 ____D C:\Users\adam\AppData\Roaming\IDM
2016-06-09 16:12 - 2014-05-23 23:12 - 00000000 ____D C:\Temp
2016-06-09 15:09 - 2015-07-12 16:26 - 00000000 ____D C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registry Trash Keys Finder
2016-06-09 15:08 - 2014-05-24 15:37 - 00000000 ____D C:\Users\adam\AppData\Local\Google
2016-06-09 15:08 - 2014-05-23 22:59 - 00000000 ____D C:\ProgramData\Google
2016-06-09 15:07 - 2014-05-23 22:55 - 00000000 ____D C:\ProgramData\McAfee
2016-06-09 15:06 - 2016-01-10 22:38 - 00000000 ____D C:\Program Files (x86)\Opera
2016-06-09 06:24 - 2014-05-28 21:57 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-09 06:24 - 2014-05-23 22:59 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-05 22:38 - 2014-05-24 18:46 - 00000000 ____D C:\Users\adam\AppData\Roaming\Skype
2016-06-02 23:28 - 2009-07-14 07:08 - 00032516 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-27 23:36 - 2016-04-17 17:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-27 23:34 - 2014-05-28 21:46 - 00000000 ____D C:\Windows\Minidump
2016-05-27 23:34 - 2010-07-12 22:26 - 00000000 ____D C:\Windows\Panther
2016-05-23 18:56 - 2014-05-25 11:36 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2016-05-13 21:56 - 2015-07-25 18:09 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 21:56 - 2015-07-25 18:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 21:56 - 2015-07-25 18:09 - 00003912 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-05-13 21:56 - 2015-07-25 18:09 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 14:52 - 2014-08-19 20:44 - 00000000 ____D C:\Users\adam\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2016-01-09 19:18 - 2016-01-09 19:18 - 0000218 _____ () C:\Users\adam\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\adam\ZHPDiag3.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-08 06:37

==================== End of FRST.txt ============================