Infected by Dnsapi.dll Block all internet connection


  • This topic is locked
43 replies to this topic

#1 nickylim95


Posted 14 January 2016 - 01:14 AM

Hello. Please help me. I really need help, please, ASAP.
I use Windows 10 on an Asus TP300LD (i3, 4 GB RAM), NVIDIA GeForce 820M.

I don't use any browser, only Microsoft Edge, and Microsoft Edge can't use extensions, so I don't use any extensions.
I have already done all the scans with Emsisoft malware, SpyHunter and Windows Defender; all of them can detect the infected dnsapi.dll but can't remove it.
Please help. Here I give you some screenshots from my computer. Experts, please help me.
I checked on another website that it is because of Shopperz, and I have the Shopperz software on my computer. I already tried to remove it, but I can't.
My dnsapi.dll is already patched by the virus.

I already ran SystemLook, but the result is just like my screenshot.
Please help, I really need help ASAP.

I already did everything the other forums say. No one can help.
Experts, please help me.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. Duplicate topic deleted. ~ Animal
 
Here is my FRST log.

Mod Edit: Removed FRST log not requested, appears AII is correct forum for issues - Hamluis.

EDIT: FRST re-added at the suggestion of Malware Removal Trainee who will assist member. Topic moved back to Malware logs forum. ~Animal

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by ASUS PC (administrator) on NICKYLIM (14-01-2016 15:43:17)
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC & nicky (Available Profiles: ASUS PC & nicky)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(tsvr.com) C:\Users\ASUS PC\AppData\Roaming\TSv\TSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Users\ASUS PC\AppData\Roaming\NetService\netservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Riverbed Technology, Inc.) C:\Program Files (x86)\WinPcap\rpcapd.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Loaris Inc.) C:\Program Files\Loaris\Trojan Remover\ltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\ASUS PC\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => D:\Aplikasi\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {022cb825-388e-11e5-8332-acd1b84afe07} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {043211d1-446d-11e5-833b-acd1b84afe08} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {04321219-446d-11e5-833b-acd1b84afe08} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {043212e3-446d-11e5-833b-acd1b84afe08} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {04321327-446d-11e5-833b-acd1b84afe08} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {0432134e-446d-11e5-833b-acd1b84afe08} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {25541c02-3897-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {2d2c6ca7-36aa-11e5-9bc2-acd1b84afe07} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {2f1a30b0-37ab-11e5-832f-0260ae925301} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {2f1a3aec-37ab-11e5-832f-0260ae925301} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {2f1a3cb2-37ab-11e5-832f-0260ae925301} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {3c0f3fa0-38c9-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {3c0f4110-38c9-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {3c0f4d87-38c9-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {3c0f4eb7-38c9-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {3e90260b-3927-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {3e9027ad-3927-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {4b700306-3876-11e5-8330-cbac9f80d6e0} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {6d8762bb-3947-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {6d8763f5-3947-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {90847c45-36f0-11e5-9bc2-a43ac1e4acb4} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {bc43accb-3889-11e5-8332-acd1b84afe07} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {c36ba11a-38be-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {c36ba28f-38be-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {c36ba3ff-38be-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {c36ba5bc-38be-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {c36bab34-38be-11e5-8332-e81697a3ea2e} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {cdc1b226-36f4-11e5-9bc2-a43ac1e4acb4} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {d2bb8e75-37be-11e5-832f-0260ae925301} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {d2bb8fd6-37be-11e5-832f-0260ae925301} - "E:\AutoRun.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\MountPoints2: {e0c27ef9-37c7-11e5-832f-0260ae925301} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50098;https=127.0.0.1:50098
ProxyServer: [S-1-5-21-2388969625-1933337250-1248866418-1004] => http=127.0.0.1:50098;https=127.0.0.1:50098
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 202.73.99.4 202.73.99.2 61.247.0.130
Tcpip\..\Interfaces\{1137592d-234b-4bd7-a77b-cf057a0a4b77}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{265a8ae8-0adf-45df-a08e-e986d44957df}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4c6a6430-9b0d-4ed4-aab0-7e1625f72041}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2BF10F6-725E-4FFE-94A1-21B6CDF03076}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{b26064d6-5f3e-4190-a3e8-4e40497aa1a4}: [DhcpNameServer] 10.20.2.1
Tcpip\..\Interfaces\{da8dec3b-0446-466d-8b5d-2374c65dbc6c}: [DhcpNameServer] 202.73.99.4 202.73.99.2 61.247.0.130

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=0003446E&OHP=http%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp&OSP=http%3A%2F%2Fwww.mystartsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3Dcmi%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3Dcmi%26uid%3DTOSHIBAXMQ01ABF050%5FZ4LIC60WTXXZ4LIC60WT%26ts%3D1434260129%26type%3Ddefault%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130930420739018966&GUID=0C2B0C5C-9504-4239-93C7-FC08136C4C1C
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://id.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_15_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0DtC0BzzyE0A0F0EtDyBzyyB0C0AtN0D0Tzu0StCtBtAyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0D0ByCyBtD0ByEtG0Azz0A0AtGzz0F0ByEtG0EzyzyyCtGtD0Azy0FyCyCtAtByD0E0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0B0FtByCtB0D0EtGzytA0A0FtGyE0B0F0FtGzytC0AtBtGyE0F0DyEzytBzztDyC0CzztC2QtN0A0LzutB%26cr%3D869312398%26a%3Dwncy_mp3_15_21%26os%3DWindows 8.1 Single Language&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> DefaultScope {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> hxxp://google.com/

FireFox:
========
FF ProfilePath: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1438457126&z=43e7d3442b78a8d4a7fdf5fgezccdb6z9w0mceaq6m&from=cmi&uid=TOSHIBAXMQ01ABF050_Z4LIC60WTXXZ4LIC60WT
FF DefaultSearchEngine: oursurfing
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=24399&r=2015/05/27&hid=13241350941919610454&lg=EN&cc=ID&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: oursurfing
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1438424841&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=TOSHIBAXMQ01ABF050_Z4LIC60WTXXZ4LIC60WT
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=24399&r=2015/05/27&hid=13241350941919610454&lg=EN&cc=ID&unqvl=88&l=1&q=
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF user.js: detected! => C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\user.js [2015-09-01]
FF SearchPlugin: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\delta-homes.xml [2015-07-25]
FF SearchPlugin: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\mystartsearch.xml [2015-08-01]
FF SearchPlugin: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\oursurfing.xml [2015-06-16]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: QuickSearch - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\searchffv2@gmail.com [2015-06-14] [not signed]
FF Extension: Default NewTab - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\default_newtabff@gmail.com [2015-07-24] [not signed]
FF Extension: Default SearchProtected - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\defsearchp@gmail.com [2015-07-24] [not signed]
FF Extension: deskCut - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\deskCutv2@gmail.com [2015-07-31] [not signed]
FF Extension: No Name - C:\Users\ASUS PC\AppData\Roaming\IDM\idmmzcc5 [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: MEGA - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\firefox@mega.co.nz.xpi [2015-07-31] [not signed]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\iobitascsurfingprotection@iobit.com [2015-07-31] [not signed]
FF Extension: Set Search Settings - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\{b54cc223-b03f-4f2f-8cab-347ec67ab3fe} [2015-05-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\defsearchp@gmail.com

Chrome:
=======
CHR Profile: C:\Users\ASUS PC\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-04] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 IhPul; C:\Users\ASUS PC\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-03] (Intel® Corporation) [File not signed]
S3 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
R2 NetTcpHandler; C:\Users\ASUS PC\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [69776 2014-04-30] (ASUS) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 lypufoho; C:\Program Files (x86)\B07183B7-1440702172-D64C-87F4-6435CB9F9E25\knshEB92.tmpfs [X]
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [X]
S3 totyseku; C:\Program Files (x86)\B07183B7-1440702172-D64C-87F4-6435CB9F9E25\hnsp25D4.tmp [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [60408 2014-07-28] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [19456 2014-05-08] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-14] (ASUS Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-02] ()
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-24] (Phoenix Technologies) [File not signed]
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-05-27] (Disc Soft Ltd)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-24] (REALiX)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 m76usb; C:\Windows\System32\drivers\m76usb.sys [563360 2015-06-03] (Ralink Technology Corp.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-05-24] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [361984 2012-05-02] (QUALCOMM Incorporated)
S3 REN2CAP_DRIVER; C:\Windows\system32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2015-08-04] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-11-28] (Research in Motion Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-05-24] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [143592 2015-08-02] (STMicroelectronics)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 15:43 - 2016-01-14 15:44 - 00028885 _____ C:\Users\ASUS PC\Desktop\FRST.txt
2016-01-14 15:43 - 2016-01-14 15:43 - 00000000 ____D C:\FRST
2016-01-14 15:40 - 2016-01-14 15:40 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-14 15:39 - 2016-01-14 15:39 - 00016148 _____ C:\Windows\system32\NICKYLIM_ASUS PC_HistoryPrediction.bin
2016-01-14 15:35 - 2016-01-14 15:35 - 00003198 _____ C:\Windows\System32\Tasks\Trojan Remover
2016-01-14 14:33 - 2016-01-14 14:32 - 02370560 _____ (Farbar) C:\Users\ASUS PC\Desktop\FRST64.exe
2016-01-14 13:43 - 2016-01-14 13:43 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-14 13:16 - 2016-01-14 13:30 - 00000630 _____ C:\Users\ASUS PC\Desktop\SystemLook.txt
2016-01-14 13:08 - 2016-01-14 13:08 - 00000000 ____D C:\ProgramData\Weskysoft
2016-01-14 13:00 - 2016-01-14 13:00 - 00000000 ____D C:\Users\ASUS PC\Desktop\[www.gigapurbalingga.com]_kDLLSuite2013.0.0
2016-01-14 12:59 - 2016-01-14 13:01 - 00000000 ____D C:\Users\ASUS PC\Desktop\[www.gigapurbalingga.com]_DLLSuite2013.0.0
2016-01-14 12:59 - 2016-01-14 12:59 - 00001185 _____ C:\Users\ASUS PC\Desktop\DllSuite.lnk
2016-01-14 12:59 - 2016-01-14 12:59 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2016-01-14 12:59 - 2016-01-14 12:59 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2016-01-14 12:15 - 2016-01-14 12:15 - 00002648 _____ C:\Users\ASUS PC\Desktop\fixlist.txt
2016-01-14 12:13 - 2016-01-14 12:13 - 00165376 _____ C:\Users\ASUS PC\Desktop\SystemLook_x64.exe
2016-01-14 12:00 - 2016-01-14 12:00 - 00003544 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-01-14 12:00 - 2016-01-14 12:00 - 00003534 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-01-14 11:56 - 2016-01-14 11:55 - 16531066 _____ C:\Users\ASUS PC\Desktop\_www.gigapurbalingga.com__DLLSuite2013.0.0.rar
2016-01-13 21:42 - 2016-01-13 21:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-01-13 20:10 - 2016-01-13 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-01-13 20:09 - 2016-01-14 15:43 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-01-13 03:32 - 2016-01-13 03:33 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2016-01-13 03:31 - 2016-01-13 19:42 - 00000000 ____D C:\Program Files\Loaris
2016-01-13 03:31 - 2016-01-13 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
2016-01-13 03:31 - 2016-01-13 03:31 - 00000000 ____D C:\ProgramData\Loaris
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\Documents\Ubisoft
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Ubisoft
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\storage
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\PunkBuster
2016-01-12 21:09 - 2016-01-12 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-01-12 20:53 - 2016-01-12 20:59 - 00000000 ___HD C:\$Windows.~BT
2016-01-12 10:02 - 2016-01-12 10:02 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\CAPCOM
2016-01-12 09:57 - 2016-01-12 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragons Dogma Dark Arisen
2016-01-11 10:52 - 2016-01-03 09:40 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 10:52 - 2016-01-03 09:40 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 05:10 - 2016-01-11 05:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Introversion
2016-01-11 05:05 - 2016-01-11 05:05 - 00000000 ____D C:\ProgramData\SkidRow
2016-01-11 05:04 - 2016-01-11 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Introversion Software
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files\iPod
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-09 02:38 - 2016-01-09 02:38 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-09 02:38 - 2016-01-09 02:38 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-01-09 02:38 - 2016-01-09 02:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-09 02:37 - 2016-01-09 02:37 - 00000000 ____D C:\Program Files\Bonjour
2016-01-09 02:37 - 2016-01-09 02:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-09 02:36 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-08 22:04 - 2014-07-28 16:47 - 00060408 _____ () C:\Windows\system32\Drivers\adgnetworktdi.sys
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\ProgramData\fontcacheev1.dat
2016-01-08 12:42 - 2016-01-08 12:42 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\IObit
2016-01-08 12:42 - 2016-01-08 12:42 - 00000000 ____D C:\ProgramData\IObit
2016-01-08 12:32 - 2014-12-04 00:44 - 00404250 __RSH C:\bootmgr
2016-01-06 07:20 - 2016-01-07 21:49 - 01920605 _____ C:\Users\ASUS PC\Documents\PERLINDUNGAN MEREK TERKENAL YANG TIDAK TERDAFTAR DITINJAU DARI.pptx
2016-01-06 02:10 - 2016-01-06 02:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\MetaQuotes
2016-01-04 05:35 - 2016-01-06 00:20 - 774432670 _____ C:\Windows\MEMORY.DMP
2016-01-02 06:35 - 2016-01-02 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2016-01-02 05:21 - 2016-01-02 09:04 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\PTE_Patch
2016-01-02 01:05 - 2016-01-02 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHDGD Virtual VRAM Tool
2016-01-02 01:05 - 2016-01-02 01:05 - 00000000 ____D C:\PHDGD Virtual VRAM Tool
2016-01-01 23:43 - 2016-01-01 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHDGD® NOW!
2016-01-01 23:43 - 2016-01-01 23:43 - 00000000 ____D C:\PHDGDNOWsoft
2016-01-01 05:48 - 2016-01-01 05:48 - 00329600 _____ C:\Windows\Minidump\010116-23906-01.dmp
2015-12-26 14:02 - 2015-12-26 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MX vs ATV Supercross Encore Edition
2015-12-26 07:42 - 2015-12-26 07:42 - 00000000 ____D C:\ProgramData\Milestone
2015-12-26 07:21 - 2015-12-26 07:21 - 00000000 ____D C:\ProgramData\Steam
2015-12-25 15:00 - 2015-12-25 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dzrepack games
2015-12-23 17:19 - 2015-12-26 07:21 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Milestone
2015-12-23 17:07 - 2015-12-23 17:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-12-23 17:07 - 2015-12-23 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pQube
2015-12-21 17:31 - 2015-12-21 18:10 - 00000000 ____D C:\Intel
2015-12-19 07:18 - 2015-12-19 07:18 - 00002415 _____ C:\Users\ASUS PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-19 00:57 - 2015-11-25 12:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-19 00:55 - 2015-11-25 13:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-19 00:55 - 2015-11-25 10:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-18 21:20 - 2015-12-10 16:53 - 00199152 ____N (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 15:43 - 2015-07-30 19:08 - 00005982 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-14 15:43 - 2015-07-10 17:05 - 00000000 ____D C:\Windows
2016-01-14 15:42 - 2015-08-12 15:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-01-14 15:40 - 2015-05-02 07:59 - 00000000 __SHD C:\Users\ASUS PC\IntelGraphicsProfiles
2016-01-14 15:39 - 2015-07-30 18:47 - 00000000 ____D C:\Users\ASUS PC
2016-01-14 15:38 - 2015-07-10 20:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 15:38 - 2015-07-10 20:20 - 00433768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 14:21 - 2015-07-10 17:05 - 01048576 ___SH C:\Windows\system32\config\BBI
2016-01-14 14:20 - 2015-11-10 00:35 - 01209418 _____ C:\Windows\ntbtlog.txt
2016-01-14 14:20 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\oobe
2016-01-14 13:11 - 2015-07-10 19:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 13:11 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\AppReadiness
2016-01-14 01:42 - 2015-05-09 18:04 - 00004150 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{830B1675-C751-4D6A-8943-52242CF8EEF0}
2016-01-13 22:46 - 2015-05-19 01:17 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 22:41 - 2015-07-29 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 22:41 - 2015-05-19 01:16 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 22:40 - 2015-07-29 21:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 22:40 - 2015-07-29 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 22:39 - 2015-05-02 08:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 22:14 - 2015-07-10 19:02 - 00000000 ____D C:\Windows\INF
2016-01-13 22:01 - 2015-11-15 17:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-13 21:42 - 2015-10-12 00:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\184336EF-E544-445E-9051-F88FF6FB47A
2016-01-13 21:42 - 2015-10-07 03:54 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\RunDir
2016-01-13 21:42 - 2015-09-28 12:19 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\4135
2016-01-13 21:42 - 2015-07-26 02:29 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\917CC5DD-5F64-46A2-87F9-D94FAECE5E80
2016-01-13 21:42 - 2015-06-14 13:34 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\MailUpdate
2016-01-13 21:42 - 2015-05-22 19:26 - 00000000 ____D C:\Program Files (x86)\WinThruster
2016-01-13 19:35 - 2015-11-10 00:35 - 125042688 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-13 19:35 - 2015-11-10 00:35 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-13 19:35 - 2015-07-10 17:05 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-13 19:35 - 2015-05-22 20:24 - 00001668 _____ C:\Windows\system32\ASOROSet.bin
2016-01-13 19:22 - 2015-07-10 18:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 03:34 - 2015-10-31 00:39 - 00000000 ____D C:\ProgramData\JWMiniProJ
2016-01-12 20:59 - 2015-07-29 13:58 - 00001908 _____ C:\Windows\diagwrn.xml
2016-01-12 20:59 - 2015-07-29 13:58 - 00001908 _____ C:\Windows\diagerr.xml
2016-01-12 20:58 - 2015-07-31 09:33 - 00000000 ___DC C:\Windows\Panther
2016-01-12 20:26 - 2015-06-23 16:46 - 00000000 ____D C:\Users\ASUS PC\Downloads\Compressed
2016-01-12 10:01 - 2014-12-04 00:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-10 06:25 - 2015-07-31 20:50 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-09 02:40 - 2015-05-01 22:44 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Apple Computer
2016-01-08 12:38 - 2015-05-02 07:59 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Packages
2016-01-08 12:32 - 2015-12-11 03:19 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-01-08 12:14 - 2015-05-10 21:54 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\DMCache
2016-01-06 14:41 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\NDF
2016-01-06 01:35 - 2015-12-14 22:08 - 00000835 _____ C:\Windows\system32\Drivers\etc\hosts.back
2016-01-06 00:22 - 2015-05-24 19:58 - 00000000 ____D C:\ProgramData\ProductData
2016-01-06 00:21 - 2015-08-05 14:53 - 00000000 ____D C:\Windows\Minidump
2016-01-01 20:49 - 2015-06-18 17:34 - 00000000 ____D C:\ProgramData\KONAMI
2016-01-01 20:49 - 2015-05-24 14:42 - 00000000 ____D C:\Users\ASUS PC\Documents\KONAMI
2015-12-31 12:14 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\rescache
2015-12-26 06:49 - 2015-09-04 00:56 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Deployment
2015-12-24 15:43 - 2015-11-11 20:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-12-24 15:43 - 2015-11-11 20:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2015-12-24 00:14 - 2015-10-07 05:39 - 00000000 ____D C:\Users\ASUS PC\Documents\Tugas Hukum
2015-12-22 09:00 - 2015-11-17 00:19 - 00000000 ____D C:\Users\nicky
2015-12-22 09:00 - 2015-11-11 20:22 - 00000000 ____D C:\Program Files\IIS
2015-12-22 09:00 - 2015-08-02 03:28 - 00000000 ____D C:\Windows\system32\huu
2015-12-22 09:00 - 2015-07-31 09:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-22 09:00 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-22 09:00 - 2015-07-30 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-22 09:00 - 2015-07-30 18:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-22 09:00 - 2015-07-30 18:40 - 00000000 ____D C:\Program Files\Intel
2015-12-22 09:00 - 2015-07-30 18:40 - 00000000 ____D C:\Program Files\DIFX
2015-12-22 09:00 - 2015-07-10 21:13 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-12-22 09:00 - 2015-07-10 21:13 - 00000000 ____D C:\Windows\system32\WCN
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\spool
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\InputMethod
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\InputMethod
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 09:00 - 2015-05-02 07:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Shared
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-21 17:59 - 2015-11-10 00:35 - 00069632 _____ C:\Windows\system32\config\SAM.bak
2015-12-21 17:59 - 2015-07-10 17:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-12-21 17:01 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\Registration
2015-12-19 20:52 - 2015-05-13 23:37 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\ElevatedDiagnostics
2015-12-19 07:18 - 2015-05-09 18:50 - 00000000 __RDO C:\Users\ASUS PC\OneDrive

==================== Files in the root of some directories =======

2015-05-21 10:16 - 2015-07-29 19:32 - 0000024 _____ () C:\Users\ASUS PC\AppData\Roaming\appdataFr25.bin
2015-12-27 01:49 - 2015-12-27 01:49 - 0000473 _____ () C:\Users\ASUS PC\AppData\Roaming\droid4xinstaller.log
2015-05-02 08:04 - 2015-08-01 21:31 - 0000433 _____ () C:\Users\ASUS PC\AppData\Roaming\sp_data.sys
2015-06-29 17:14 - 2015-07-01 08:14 - 0000098 _____ () C:\Users\ASUS PC\AppData\Roaming\WB.CFG
2015-08-05 04:12 - 2015-08-05 04:12 - 0000037 ___SH () C:\Users\ASUS PC\AppData\Local\20986331705021ca58edc424.96250074
2015-06-23 02:01 - 2015-06-23 02:01 - 0005120 _____ () C:\Users\ASUS PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-14 18:24 - 2015-12-06 02:56 - 0007603 _____ () C:\Users\ASUS PC\AppData\Local\resmon.resmoncfg
2015-05-12 16:33 - 2015-05-12 16:33 - 0000000 _____ () C:\Users\ASUS PC\AppData\Local\Temp.dat
2015-07-30 18:42 - 2015-07-30 18:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-08 22:03 - 2016-01-08 22:03 - 0000231 _____ () C:\ProgramData\fontcacheev1.dat
2015-02-11 21:50 - 2014-03-26 09:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-12-04 00:56 - 2014-03-27 04:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-12-04 00:56 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-12-04 00:56 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-11-03 02:57 - 2015-11-03 02:57 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\RefreshReg.vbs
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\ASUS PC\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\ASUS PC\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-08-02 03:28] - [2015-08-02 03:28] - 0680256 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\dnsapi.dll => no Company Name <===== ATTENTION

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-09 09:11

==================== End of FRST.txt ============================

Here is my addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by ASUS PC (2016-01-14 15:45:13)
Running from C:\Users\ASUS PC\Desktop
Windows 10 Home Single Language (X64) (2015-07-30 11:26:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2388969625-1933337250-1248866418-500 - Administrator - Disabled)
ASUS PC (S-1-5-21-2388969625-1933337250-1248866418-1001 - Administrator - Enabled) => C:\Users\ASUS PC
DefaultAccount (S-1-5-21-2388969625-1933337250-1248866418-503 - Limited - Disabled)
Guest (S-1-5-21-2388969625-1933337250-1248866418-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2388969625-1933337250-1248866418-1003 - Limited - Enabled)
nicky (S-1-5-21-2388969625-1933337250-1248866418-1004 - Limited - Enabled) => C:\Users\nicky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Pro Evolution Soccer 2016» 1.4.0.0 (HKLM-x32\...\«Pro Evolution Soccer 2016»_is1) (Version: 1.4.0.0 - KONAMI)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.3 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
DLL Suite 2014 (HKLM-x32\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Ghost Recon Future Soldier Complete Edition version 1.8.0.0 (HKLM-x32\...\Ghost Recon Future Soldier Complete Edition_is1) (Version: 1.8.0.0 - Ubisoft)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
K-Lite Mega Codec Pack 8.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Loaris Trojan Remover 1.3.9.6 (HKLM\...\{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1) (Version: - Loaris, Inc.)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek)
Metal Gear Solid V - The Phantom Pain version 1.0.2 (HKLM-x32\...\Metal Gear Solid V - The Phantom Pain_is1) (Version: 1.0.2 - dzrepack games)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.09.02.910 - Huawei Technologies Co.,Ltd)
MotoGP 15 version 1.0.0 (HKLM-x32\...\MotoGP 15_is1) (Version: 1.0.0 - pQube)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3.1 PRO - MP3 Rocket Inc)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MX vs ATV Supercross Encore Edition (HKLM-x32\...\MX vs ATV Supercross Encore


 


#2 Aura


Posted 14 January 2016 - 01:04 PM

Hi nickylim95 :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and prepare a reply.

Thank you!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura


Posted 15 January 2016 - 07:54 AM

Hi nickylim95 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • Finally, in the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Outdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. We will reinstall these programs at the end of the clean-up if you need them.
  • Adobe Flash Player 18 NPAPI;
  • Adobe Flash Player 18 PPAPI;
  • DLL Suite 2014 - Useless and potentially harmful;
  • Java 8 Update 51;
  • Loaris Trojan Remover - Bad reputation, there are better products than this;
If you have an issue when uninstalling a program, please let me know.

Now, there's quite a lot of stuff to clean on your system, so my guess is that it'll take multiple FRST runs, but let's remove everything we can right now with one and see how it goes after :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


Your next reply should include:
  • Whether or not you were able to uninstall the programs I listed above;
  • Copy/pasted content of the FRST fixlog;



#4 nickylim95


Posted 15 January 2016 - 05:23 PM

Hi Yoan, thanks for assisting me. I already removed the programs you told me about and I didn't have any problem uninstalling them.

But I have a problem:

  1. I ran the fix twice, because the first time I ran it I forgot to charge my notebook and it shut down, then I ran it again. Is that okay? It asked me to restart to finish the fix, and the fixlog appeared. Here I give you the log.
  2. Before I posted my problem to this forum, I used sfc /scannow in safe mode and I could connect to the internet again. After I ran the fixlist, I can't use the internet again; the local host is blocked again. Is that good or bad? Now I am posting from my old notebook.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by ASUS PC (2016-01-16 05:33:21) Run:2
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC & nicky (Available Profiles: ASUS PC & nicky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50098;https=127.0.0.1:50098
ProxyServer: [S-1-5-21-2388969625-1933337250-1248866418-1004] => http=127.0.0.1:50098;https=127.0.0.1:50098
 
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=0003446E&OHP=http%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp&OSP=http%3A%2F%2Fwww.mystartsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3Dcmi%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3Dcmi%26uid%3DTOSHIBAXMQ01ABF050%5FZ4LIC60WTXXZ4LIC60WT%26ts%3D1434260129%26type%3Ddefault%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://id.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_15_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0DtC0BzzyE0A0F0EtDyBzyyB0C0AtN0D0Tzu0StCtBtAyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0D0ByCyBtD0ByEtG0Azz0A0AtGzz0F0ByEtG0EzyzyyCtGtD0Azy0FyCyCtAtByD0E0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0B0FtByCtB0D0EtGzytA0A0FtGyE0B0F0FtGzytC0AtBtGyE0F0DyEzytBzztDyC0CzztC2QtN0A0LzutB%26cr%3D869312398%26a%3Dwncy_mp3_15_21%26os%3DWindows 8.1 Single Language&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1438457126&z=43e7d3442b78a8d4a7fdf5fgezccdb6z9w0mceaq6m&from=cmi&uid=TOSHIBAXMQ01ABF050_Z4LIC60WTXXZ4LIC60WT
FF DefaultSearchEngine: oursurfing
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=24399&r=2015/05/27&hid=13241350941919610454&lg=EN&cc=ID&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: oursurfing
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1438424841&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=TOSHIBAXMQ01ABF050_Z4LIC60WTXXZ4LIC60WT
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=24399&r=2015/05/27&hid=13241350941919610454&lg=EN&cc=ID&unqvl=88&l=1&q=
FF SearchPlugin: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\delta-homes.xml [2015-07-25]
FF SearchPlugin: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\mystartsearch.xml [2015-08-01]
FF SearchPlugin: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\oursurfing.xml [2015-06-16]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: No Name - C:\Users\ASUS PC\AppData\Roaming\IDM\idmmzcc5 [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: QuickSearch - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\searchffv2@gmail.com [2015-06-14] [not signed]
FF Extension: Default NewTab - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\default_newtabff@gmail.com [2015-07-24] [not signed]
FF Extension: Default SearchProtected  - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\defsearchp@gmail.com [2015-07-24] [not signed]
FF Extension: deskCut - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\deskCutv2@gmail.com [2015-07-31] [not signed]
FF Extension: Set Search Settings - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\{b54cc223-b03f-4f2f-8cab-347ec67ab3fe} [2015-05-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\defsearchp@gmail.com
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\iobitascsurfingprotection@iobit.com [2015-07-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF user.js: detected! => C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\user.js [2015-09-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-02] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
R2 IhPul; C:\Users\ASUS PC\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
R2 NetTcpHandler; C:\Users\ASUS PC\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 lypufoho; C:\Program Files (x86)\B07183B7-1440702172-D64C-87F4-6435CB9F9E25\knshEB92.tmpfs [X]
S3 totyseku; C:\Program Files (x86)\B07183B7-1440702172-D64C-87F4-6435CB9F9E25\hnsp25D4.tmp [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
Task: {0F7C2A03-34C7-4EF1-BAF4-A05C42027727} - System32\Tasks\Dlvfecrd => C:\Program Files\shopperz\Mlsaizwav.bat <==== ATTENTION
Task: {9DFC2EBE-19B8-4EE6-8D1F-9D6AF13CF355} - System32\Tasks\runTask => C:\Users\ASUS PC\AppData\Local\Temp/Updater.exe
Task: {A309BEA3-5980-4FD6-AC29-107D19EFD1D2} - System32\Tasks\updateTask => c:\task.vbs
Task: {B49F6121-C0D0-4416-A17A-88E81B74D87C} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {B4CC8BCB-CCC6-4D7F-AAE1-8ECBCA8F2549} - System32\Tasks\Driver Booster SkipUAC (ASUS PC) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {CE88DA96-A077-4DB2-9DE1-A1449EFC0D62} - System32\Tasks\Driver Booster Update => D:\Aplikasi\Driver Booster\AutoUpdate.exe [2015-05-14] (IObit)
Task: {F2BC4D81-CAD3-4F9B-A51F-9B7A7367E050} - System32\Tasks\{D7B69461-7236-4170-A89A-6107DA7832F5} => pcalua.exe -a "C:\Program Files (x86)\TuneUp Utilities 2013\TUInstallHelper.exe" -c --Trigger-Uninstall
Task: {F5E54314-7871-4156-BAAC-C9FF1B30322F} - System32\Tasks\XLQDOZ => C:\ProgramData\2fc7ad4981e44e5e9cd938c744ee5bc0\2fc7ad4981e44e5e9cd938c744ee5bc0.exe <==== ATTENTION
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Shjencueit => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
FirewallRules: [{BD4C8798-5796-498A-A2A0-E33FDB1C1C96}] => (Allow) D:\Aplikasi\Driver Booster\DriverBooster.exe
FirewallRules: [{1D27F638-A070-43E1-B3C8-27C3D6318E85}] => (Allow) D:\Aplikasi\Driver Booster\DriverBooster.exe
FirewallRules: [{7C6CDB4F-BCBB-4397-81B3-5ECF0D5FC52C}] => (Allow) D:\Aplikasi\Driver Booster\DriverBooster.exe
FirewallRules: [{1843160C-05D6-47F2-A288-65FE8AA49849}] => (Allow) D:\Aplikasi\Driver Booster\DriverBooster.exe
 
D:\Aplikasi\Driver Booster
c:\task.vbs
C:\Program Files\shopperz
C:\Program Files (x86)\RCP
C:\Program Files (x86)\IObit
C:\Program Files (x86)\McAfee
C:\Program Files (x86)\WinThruster
C:\Program Files (x86)\IObit Apps Toolbar
C:\Program Files (x86)\TuneUp Utilities 2013
C:\Program Files (x86)\Enigma Software Group
C:\Program Files (x86)\Internet Download Manager
C:\Program Files (x86)\B07183B7-1440702172-D64C-87F4-6435CB9F9E25
C:\ProgramData\IObit
C:\ProgramData\JWMiniProJ
C:\ProgramData\ProductData
C:\ProgramData\Weskysoft
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\2fc7ad4981e44e5e9cd938c744ee5bc0
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\WINDOWS\system32\drivers\bsdriver.sys
C:\Windows\System32\drivers\wfpcapture.sys
C:\Users\ASUS PC\AppData\Roaming\TSv
C:\Users\ASUS PC\AppData\Roaming\IDM
C:\Users\ASUS PC\AppData\Roaming\IObit
C:\Users\ASUS PC\AppData\Roaming\RunDir
C:\Users\ASUS PC\AppData\Roaming\NetService
C:\Users\ASUS PC\AppData\Roaming\MailUpdate
C:\Users\ASUS PC\AppData\Roaming\sp_data.sys
C:\Users\ASUS PC\AppData\Local\4135
C:\Users\ASUS PC\AppData\Local\917CC5DD-5F64-46A2-87F9-D94FAECE5E80
C:\Users\ASUS PC\AppData\Local\184336EF-E544-445E-9051-F88FF6FB47A
C:\Users\ASUS PC\AppData\Local\20986331705021ca58edc424.96250074
C:\Users\ASUS PC\AppData\Local\Temp\Updater.exe
 
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main\\First Home Page => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\PROTOCOLS\Handler\dssrequest => key not found. 
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
HKCR\PROTOCOLS\Handler\sacore => key not found. 
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1438457126&z=43e7d3442b78a8d4a7fdf5fgezccdb6z9w0mceaq6m&from=cmi&uid=TOSHIBAXMQ01ABF050_Z4LIC60WTXXZ4LIC60WT => not found
FF DefaultSearchEngine: oursurfing => not found
FF DefaultSearchEngine,S: WebSearch => not found
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=24399&r=2015/05/27&hid=13241350941919610454&lg=EN&cc=ID&unqvl=88&l=1&q= => not found
FF SearchEngineOrder.1: WebSearch => not found
FF SearchEngineOrder.1,S: WebSearch => not found
FF SelectedSearchEngine: oursurfing => not found
FF SelectedSearchEngine,S: WebSearch => not found
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1438424841&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=TOSHIBAXMQ01ABF050_Z4LIC60WTXXZ4LIC60WT => not found
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=24399&r=2015/05/27&hid=13241350941919610454&lg=EN&cc=ID&unqvl=88&l=1&q= => not found
"C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\delta-homes.xml" => not found.
"C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\mystartsearch.xml" => not found.
"C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\searchplugins\oursurfing.xml" => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor => path removed successfully
C:\Users\ASUS PC\AppData\Roaming\IDM\idmmzcc5 => not found.
C:\Program Files (x86)\IObit Apps Toolbar\FF => path removed successfully
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\searchffv2@gmail.com => not found.
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\default_newtabff@gmail.com => not found.
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\defsearchp@gmail.com => not found.
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\extensions\deskCutv2@gmail.com => not found.
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\{b54cc223-b03f-4f2f-8cab-347ec67ab3fe} => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\searchffv2@gmail.com => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value not found.
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\iobitascsurfingprotection@iobit.com => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value not found.
C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\user.js => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key not found. 
McAfee SiteAdvisor Service => service not found.
bsdriver => Unable to stop service.
bsdriver => service could not remove
wfpcapture => service not found.
IhPul => service not found.
NetTcpHandler => service not found.
LiveUpdateSvc => service not found.
lypufoho => service not found.
totyseku => service not found.
esgiguard => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F7C2A03-34C7-4EF1-BAF4-A05C42027727} => key not found. 
C:\Windows\System32\Tasks\Dlvfecrd => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dlvfecrd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DFC2EBE-19B8-4EE6-8D1F-9D6AF13CF355} => key not found. 
C:\Windows\System32\Tasks\runTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A309BEA3-5980-4FD6-AC29-107D19EFD1D2} => key not found. 
C:\Windows\System32\Tasks\updateTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B49F6121-C0D0-4416-A17A-88E81B74D87C} => key not found. 
C:\Windows\System32\Tasks\ASP => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4CC8BCB-CCC6-4D7F-AAE1-8ECBCA8F2549} => key not found. 
C:\Windows\System32\Tasks\Driver Booster SkipUAC (ASUS PC) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (ASUS PC) => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE88DA96-A077-4DB2-9DE1-A1449EFC0D62} => key not found. 
C:\Windows\System32\Tasks\Driver Booster Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2BC4D81-CAD3-4F9B-A51F-9B7A7367E050} => key not found. 
C:\Windows\System32\Tasks\{D7B69461-7236-4170-A89A-6107DA7832F5} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7B69461-7236-4170-A89A-6107DA7832F5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5E54314-7871-4156-BAAC-C9FF1B30322F} => key not found. 
C:\Windows\System32\Tasks\XLQDOZ => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XLQDOZ => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Shjencueit => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\str => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD4C8798-5796-498A-A2A0-E33FDB1C1C96} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D27F638-A070-43E1-B3C8-27C3D6318E85} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C6CDB4F-BCBB-4397-81B3-5ECF0D5FC52C} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1843160C-05D6-47F2-A288-65FE8AA49849} => value not found.
"D:\Aplikasi\Driver Booster" => not found.
"c:\task.vbs" => not found.
"C:\Program Files\shopperz" => not found.
"C:\Program Files (x86)\RCP" => not found.
"C:\Program Files (x86)\IObit" => not found.
"C:\Program Files (x86)\McAfee" => not found.
"C:\Program Files (x86)\WinThruster" => not found.
"C:\Program Files (x86)\IObit Apps Toolbar" => not found.
"C:\Program Files (x86)\TuneUp Utilities 2013" => not found.
"C:\Program Files (x86)\Enigma Software Group" => not found.
"C:\Program Files (x86)\Internet Download Manager" => not found.
"C:\Program Files (x86)\B07183B7-1440702172-D64C-87F4-6435CB9F9E25" => not found.
"C:\ProgramData\IObit" => not found.
"C:\ProgramData\JWMiniProJ" => not found.
"C:\ProgramData\ProductData" => not found.
"C:\ProgramData\Weskysoft" => not found.
"C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => not found.
"C:\ProgramData\2fc7ad4981e44e5e9cd938c744ee5bc0" => not found.
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP" => not found.
Could not move "C:\WINDOWS\system32\drivers\bsdriver.sys" => Scheduled to move on reboot.
"C:\Windows\System32\drivers\wfpcapture.sys" => not found.
"C:\Users\ASUS PC\AppData\Roaming\TSv" => not found.
"C:\Users\ASUS PC\AppData\Roaming\IDM" => not found.
"C:\Users\ASUS PC\AppData\Roaming\IObit" => not found.
"C:\Users\ASUS PC\AppData\Roaming\RunDir" => not found.
"C:\Users\ASUS PC\AppData\Roaming\NetService" => not found.
"C:\Users\ASUS PC\AppData\Roaming\MailUpdate" => not found.
"C:\Users\ASUS PC\AppData\Roaming\sp_data.sys" => not found.
"C:\Users\ASUS PC\AppData\Local\4135" => not found.
"C:\Users\ASUS PC\AppData\Local\917CC5DD-5F64-46A2-87F9-D94FAECE5E80" => not found.
"C:\Users\ASUS PC\AppData\Local\184336EF-E544-445E-9051-F88FF6FB47A" => not found.
"C:\Users\ASUS PC\AppData\Local\20986331705021ca58edc424.96250074" => not found.
"C:\Users\ASUS PC\AppData\Local\Temp\Updater.exe" => not found.
EmptyTemp: => 4.8 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-16 05:36:47)
 
"C:\WINDOWS\system32\drivers\bsdriver.sys" => Could not move
 
==== End of Fixlog 05:36:48 ====


#5 Aura

Posted 15 January 2016 - 05:51 PM

All good, don't worry about that :) My guess is that when FRST ran the first time, it deleted everything and the laptop shut down when it was emptying the temp folders. In the second run, it couldn't delete anything since it was already deleted from the first run, but FRST finished cleaning up the temp files. There's one nasty service that FRST wasn't able to remove, but we'll attempt to remove it again using a different method. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


After that, we'll run FRST again to get new logs and see where we're at.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply should include:
  • Copy/pasted content of the FRST fixlog;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
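
The reading of the Fixlog given in the reply above (most entries "not found" because an earlier run already removed them, one service left behind) can be checked mechanically. The Python below is an added example, not part of the original posts and not part of FRST; the outcome labels and function names are assumptions made here, and the sample lines are excerpted from the Fixlog posted earlier in this thread.

```python
"""Triage an FRST Fixlog: separate items that were already gone from items
that still need follow-up (failed, or deferred to the next reboot)."""
from collections import Counter, defaultdict

# Sample input: lines excerpted from the second Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key not found.
C:\Program Files (x86)\McAfee\SiteAdvisor => path removed successfully
bsdriver => Unable to stop service.
bsdriver => service could not remove
wfpcapture => service not found.
"C:\Program Files\shopperz" => not found.
Could not move "C:\WINDOWS\system32\drivers\bsdriver.sys" => Scheduled to move on reboot.
EmptyTemp: => 4.8 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-16 05:36:47)

"C:\WINDOWS\system32\drivers\bsdriver.sys" => Could not move

==== End of Fixlog 05:36:48 ====
'''

# Outcome labels (chosen for this example) that mean the item is not dealt with yet.
FOLLOW_UP = {"failed", "pending_reboot"}


def classify(result: str) -> str:
    """Map the text after '=>' to one outcome label."""
    r = result.strip().lower()
    if "scheduled to move on reboot" in r:
        return "pending_reboot"
    if "unable to" in r or "could not" in r:
        return "failed"
    if "not found" in r:
        return "absent"          # nothing to do: removed by an earlier run or never present
    if "successfully" in r or r.endswith("removed."):
        return "done"
    return "other"


def parse(text: str):
    """Yield (item_key, outcome) for every 'item => result' line, in log order."""
    for line in text.splitlines():
        if " => " not in line:
            continue             # headers, separators, blank lines
        item, result = line.rsplit(" => ", 1)
        item = item.strip()
        # 'Could not move "<path>" => Scheduled ...' carries the path after a prefix.
        if item.lower().startswith("could not move "):
            item = item[len("could not move "):]
        # Windows paths and service names are case-insensitive, so fold case.
        yield item.strip('"').casefold(), classify(result)


def history(text: str) -> dict:
    """Return {item_key: [outcomes in the order they were logged]}."""
    per_item = defaultdict(list)
    for key, outcome in parse(text):
        per_item[key].append(outcome)
    return dict(per_item)


def follow_up(text: str) -> list:
    """Items whose last logged outcome is a failure or a deferred move."""
    return sorted(k for k, seen in history(text).items() if seen[-1] in FOLLOW_UP)


def summary(text: str) -> dict:
    """Count log lines per outcome label."""
    return dict(Counter(outcome for _, outcome in parse(text)))


if __name__ == "__main__":
    print(summary(SAMPLE_FIXLOG))
    for item in follow_up(SAMPLE_FIXLOG):
        print("needs follow-up:", item, history(SAMPLE_FIXLOG)[item])
```

On this sample the only items left for follow-up are the bsdriver service and its driver file, which matches the one service singled out in the reply above.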


#6 nickylim95

Posted 16 January 2016 - 03:41 AM

Sorry, I still can't reply to you.. I am working.. but I already scanned.. Can I ask you.. yesterday after I fixed, I couldn't use the internet.. after a few hours I could use it again.. now after I fixed again.. I can't use the internet.. maybe later I can use the internet again.. I will attach the log after work. Thanks.



#7 nickylim95

Posted 16 January 2016 - 06:05 AM

OK, here is my fix log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by ASUS PC (2016-01-16 11:34:53) Run:3
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC & nicky (Available Profiles: ASUS PC & nicky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
CMD: fltmc detach bsdriver c: bsdriver
 
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-02] ()
C:\WINDOWS\system32\drivers\bsdriver.sys
*****************
 
Processes closed successfully.
 
=========  fltmc detach bsdriver c: bsdriver =========
 
 
========= End of CMD: =========
 
bsdriver => Unable to stop service.
bsdriver => service could not remove
C:\WINDOWS\system32\drivers\bsdriver.sys => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 11:35:07 ====

 

 

HERE MY FRST after fix

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01

Ran by ASUS PC (administrator) on NICKYLIM (16-01-2016 11:39:44)
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC & nicky (Available Profiles: ASUS PC & nicky)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Riverbed Technology, Inc.) C:\Program Files (x86)\WinPcap\rpcapd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\ASUS PC\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => D:\Aplikasi\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 111.95.141.4 202.73.99.2 61.247.0.133
Tcpip\..\Interfaces\{1137592d-234b-4bd7-a77b-cf057a0a4b77}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{265a8ae8-0adf-45df-a08e-e986d44957df}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4c6a6430-9b0d-4ed4-aab0-7e1625f72041}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2BF10F6-725E-4FFE-94A1-21B6CDF03076}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{b26064d6-5f3e-4190-a3e8-4e40497aa1a4}: [DhcpNameServer] 10.20.2.1
Tcpip\..\Interfaces\{da8dec3b-0446-466d-8b5d-2374c65dbc6c}: [DhcpNameServer] 111.95.141.4 202.73.99.2 61.247.0.133
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130930420739018966&GUID=0C2B0C5C-9504-4239-93C7-FC08136C4C1C
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> DefaultScope {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> hxxp://google.com/
 
FireFox:
========
FF ProfilePath: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default
FF NetworkProxy: "type", 5
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: MEGA - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\firefox@mega.co.nz.xpi [2015-07-31] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\ASUS PC\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-04] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-03] (Intel® Corporation) [File not signed]
S3 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [69776 2014-04-30] (ASUS) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [60408 2014-07-28] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [19456 2014-05-08] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-14] (ASUS Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-24] (Phoenix Technologies) [File not signed]
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-05-27] (Disc Soft Ltd)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-24] (REALiX™)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 m76usb; C:\Windows\System32\drivers\m76usb.sys [563360 2015-06-03] (Ralink Technology Corp.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-05-24] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [361984 2012-05-02] (QUALCOMM Incorporated)
S3 REN2CAP_DRIVER; C:\Windows\system32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2015-08-04] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-11-28] (Research in Motion Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-05-24] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [143592 2015-08-02] (STMicroelectronics)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-16 11:39 - 2016-01-16 11:40 - 00017836 _____ C:\Users\ASUS PC\Desktop\FRST.txt
2016-01-16 11:37 - 2016-01-16 11:37 - 00016148 _____ C:\Windows\system32\NICKYLIM_ASUS PC_HistoryPrediction.bin
2016-01-16 11:37 - 2016-01-16 11:37 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-16 11:34 - 2016-01-16 11:35 - 00000869 _____ C:\Users\ASUS PC\Desktop\Fixlog.txt
2016-01-16 05:15 - 2016-01-16 05:15 - 00013840 _____ C:\Users\ASUS PC\Downloads\fixlist.txt
2016-01-16 05:14 - 2016-01-16 05:14 - 00003198 _____ C:\Windows\System32\Tasks\Trojan Remover
2016-01-15 20:29 - 2016-01-15 22:31 - 2655157028 _____ C:\Users\ASUS PC\Downloads\Tmcsplclcvct.part2 (1).rar.idmznf1.partial
2016-01-15 15:08 - 2016-01-15 16:43 - 00000000 _____ C:\Users\ASUS PC\Downloads\Tmcsplclcvct.part1 (1).rar
2016-01-15 12:13 - 2016-01-15 12:13 - 00003544 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-01-15 12:13 - 2016-01-15 12:13 - 00003534 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-01-14 20:27 - 2016-01-14 20:27 - 00001094 _____ C:\Users\Public\Desktop\IQ Option.lnk
2016-01-14 20:27 - 2016-01-14 20:27 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Imagination Technologies
2016-01-14 20:27 - 2016-01-14 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IQ Option
2016-01-14 20:27 - 2016-01-14 20:27 - 00000000 ____D C:\Program Files (x86)\IQ Option
2016-01-14 20:26 - 2016-01-14 20:27 - 10781344 _____ (IQOption) C:\Users\ASUS PC\Downloads\IQOption.exe
2016-01-14 15:43 - 2016-01-16 11:39 - 00000000 ____D C:\FRST
2016-01-14 14:33 - 2016-01-14 14:32 - 02370560 _____ (Farbar) C:\Users\ASUS PC\Desktop\FRST64.exe
2016-01-14 13:43 - 2016-01-14 13:43 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-14 13:00 - 2016-01-14 13:00 - 00000000 ____D C:\Users\ASUS PC\Desktop\[www.gigapurbalingga.com]_kDLLSuite2013.0.0
2016-01-14 12:59 - 2016-01-14 13:01 - 00000000 ____D C:\Users\ASUS PC\Desktop\[www.gigapurbalingga.com]_DLLSuite2013.0.0
2016-01-14 12:59 - 2016-01-14 12:59 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2016-01-14 12:13 - 2016-01-14 12:13 - 00165376 _____ C:\Users\ASUS PC\Desktop\SystemLook_x64.exe
2016-01-14 11:56 - 2016-01-14 11:55 - 16531066 _____ C:\Users\ASUS PC\Desktop\_www.gigapurbalingga.com__DLLSuite2013.0.0.rar
2016-01-13 21:42 - 2016-01-13 21:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-01-13 20:10 - 2016-01-13 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-01-13 20:09 - 2016-01-16 11:40 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-01-13 20:03 - 2016-01-13 20:09 - 210702984 _____ (Emsisoft Ltd. ) C:\Users\ASUS PC\Downloads\EmsisoftAntiMalwareSetup.exe
2016-01-13 03:32 - 2016-01-13 03:33 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2016-01-13 03:31 - 2016-01-13 03:31 - 00000000 ____D C:\ProgramData\Loaris
2016-01-13 03:29 - 2016-01-13 03:31 - 47942521 _____ (Loaris, Inc. ) C:\Users\ASUS PC\Downloads\setup-ltr-1.3.9.6.exe
2016-01-13 02:25 - 2016-01-13 02:25 - 00600063 _____ C:\Users\ASUS PC\Downloads\Isyana Sarasvati Tetap Dalam Jiwa Fingerstyle.pdf
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\Documents\Ubisoft
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Ubisoft
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\storage
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\PunkBuster
2016-01-12 21:09 - 2016-01-12 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-01-12 20:53 - 2016-01-12 20:59 - 00000000 ___HD C:\$Windows.~BT
2016-01-12 20:24 - 2016-01-12 20:58 - 1479871867 _____ C:\Users\ASUS PC\Downloads\doge-diinm.iso.ja94o72.partial
2016-01-12 17:05 - 2016-01-13 00:26 - 2564530176 _____ C:\Users\ASUS PC\Downloads\Ghost.Recon.Future.Soldier.Complete.Edition-Repack (1).iso
2016-01-12 10:02 - 2016-01-12 10:02 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\CAPCOM
2016-01-12 09:57 - 2016-01-12 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragons Dogma Dark Arisen
2016-01-11 10:56 - 2016-01-11 18:52 - 1968250880 _____ C:\Users\ASUS PC\Downloads\Dragons Dogma Dark Arisen_RePack by SEYTER.iso
2016-01-11 10:52 - 2016-01-03 09:40 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 10:52 - 2016-01-03 09:40 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 05:10 - 2016-01-11 05:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Introversion
2016-01-11 05:05 - 2016-01-11 05:05 - 00000000 ____D C:\ProgramData\SkidRow
2016-01-11 05:04 - 2016-01-11 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Introversion Software
2016-01-11 01:19 - 2016-01-11 05:01 - 857053184 _____ C:\Users\ASUS PC\Downloads\pm-psnat (1).iso
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files\iPod
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-09 02:38 - 2016-01-09 02:38 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-09 02:38 - 2016-01-09 02:38 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-01-09 02:38 - 2016-01-09 02:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-09 02:37 - 2016-01-09 02:37 - 00000000 ____D C:\Program Files\Bonjour
2016-01-09 02:37 - 2016-01-09 02:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-09 02:36 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-08 22:04 - 2014-07-28 16:47 - 00060408 _____ () C:\Windows\system32\Drivers\adgnetworktdi.sys
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\ProgramData\fontcacheev1.dat
2016-01-08 12:32 - 2014-12-04 00:44 - 00404250 __RSH C:\bootmgr
2016-01-06 07:20 - 2016-01-07 21:49 - 01920605 _____ C:\Users\ASUS PC\Documents\PERLINDUNGAN MEREK TERKENAL  YANG TIDAK TERDAFTAR DITINJAU DARI.pptx
2016-01-06 02:10 - 2016-01-06 02:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\MetaQuotes
2016-01-04 05:35 - 2016-01-06 00:20 - 774432670 _____ C:\Windows\MEMORY.DMP
2016-01-02 06:35 - 2016-01-02 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2016-01-02 05:21 - 2016-01-02 09:04 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\PTE_Patch
2016-01-02 01:05 - 2016-01-02 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHDGD Virtual VRAM Tool
2016-01-02 01:05 - 2016-01-02 01:05 - 00000000 ____D C:\PHDGD Virtual VRAM Tool
2016-01-01 23:43 - 2016-01-01 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHDGD® NOW!™
2016-01-01 23:43 - 2016-01-01 23:43 - 00000000 ____D C:\PHDGDNOWsoft
2016-01-01 22:15 - 2016-01-02 00:03 - 1709434817 _____ C:\Users\ASUS PC\Downloads\[www.gigapurbalingga.com]_PTEpat30.rar
2016-01-01 05:48 - 2016-01-01 05:48 - 00329600 _____ C:\Windows\Minidump\010116-23906-01.dmp
2015-12-26 14:02 - 2015-12-26 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MX vs ATV Supercross Encore Edition
2015-12-26 07:42 - 2015-12-26 07:42 - 00000000 ____D C:\ProgramData\Milestone
2015-12-26 07:21 - 2015-12-26 07:21 - 00000000 ____D C:\ProgramData\Steam
2015-12-25 15:00 - 2015-12-25 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dzrepack games
2015-12-23 17:19 - 2015-12-26 07:21 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Milestone
2015-12-23 17:07 - 2015-12-23 17:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-12-23 17:07 - 2015-12-23 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pQube
2015-12-22 04:30 - 2015-12-22 04:30 - 00000000 ____D C:\Users\ASUS PC\Downloads\Video
2015-12-21 17:31 - 2015-12-21 18:10 - 00000000 ____D C:\Intel
2015-12-20 05:00 - 2016-01-15 13:27 - 00000000 ____D C:\Users\ASUS PC\Downloads\New folder
2015-12-19 07:18 - 2015-12-19 07:18 - 00002415 _____ C:\Users\ASUS PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-19 04:02 - 2016-01-15 13:26 - 00000000 ____D C:\Users\ASUS PC\Downloads\Gpro TAB
2015-12-19 00:57 - 2015-11-25 12:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-19 00:55 - 2015-11-25 13:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-19 00:55 - 2015-11-25 10:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-18 21:20 - 2015-12-10 16:53 - 00199152 ____N (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-16 11:38 - 2015-08-12 15:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-01-16 11:37 - 2015-05-02 07:59 - 00000000 __SHD C:\Users\ASUS PC\IntelGraphicsProfiles
2016-01-16 11:36 - 2015-07-10 20:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-16 11:36 - 2015-07-10 17:05 - 01048576 ___SH C:\Windows\system32\config\BBI
2016-01-16 11:33 - 2015-07-30 19:08 - 00005982 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-16 11:28 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\AppReadiness
2016-01-16 06:07 - 2015-07-10 18:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-16 05:26 - 2015-07-30 23:32 - 00000000 ____D C:\Users\ASUS PC\AppData\LocalLow\Temp
2016-01-16 05:25 - 2015-07-10 17:05 - 00000000 ____D C:\Windows
2016-01-16 05:21 - 2015-05-02 08:18 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-16 05:18 - 2015-11-10 01:46 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Solvusoft
2016-01-16 05:18 - 2015-07-30 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-15 22:33 - 2015-11-15 17:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-15 17:51 - 2015-05-09 18:04 - 00004150 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{830B1675-C751-4D6A-8943-52242CF8EEF0}
2016-01-15 13:26 - 2015-09-01 14:54 - 00000000 ____D C:\Users\ASUS PC\Downloads\katalog Jualan
2016-01-15 11:44 - 2015-07-10 19:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-15 11:34 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\NDF
2016-01-14 16:53 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\rescache
2016-01-14 15:51 - 2015-07-30 18:47 - 00000000 ____D C:\Users\ASUS PC
2016-01-14 15:38 - 2015-07-10 20:20 - 00433768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 14:20 - 2015-11-10 00:35 - 01209418 _____ C:\Windows\ntbtlog.txt
2016-01-14 14:20 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\oobe
2016-01-14 13:43 - 2015-07-29 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 22:46 - 2015-05-19 01:17 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 22:41 - 2015-07-29 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 22:41 - 2015-05-19 01:16 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 22:40 - 2015-07-29 21:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 22:39 - 2015-05-02 08:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 22:14 - 2015-07-10 19:02 - 00000000 ____D C:\Windows\INF
2016-01-13 19:35 - 2015-11-10 00:35 - 125042688 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-13 19:35 - 2015-11-10 00:35 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-13 19:35 - 2015-07-10 17:05 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-13 19:35 - 2015-05-22 20:24 - 00001668 _____ C:\Windows\system32\ASOROSet.bin
2016-01-12 20:59 - 2015-07-29 13:58 - 00001908 _____ C:\Windows\diagwrn.xml
2016-01-12 20:59 - 2015-07-29 13:58 - 00001908 _____ C:\Windows\diagerr.xml
2016-01-12 20:58 - 2015-07-31 09:33 - 00000000 ___DC C:\Windows\Panther
2016-01-12 20:26 - 2015-06-23 16:46 - 00000000 ____D C:\Users\ASUS PC\Downloads\Compressed
2016-01-12 10:01 - 2014-12-04 00:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 02:40 - 2015-05-01 22:44 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Apple Computer
2016-01-08 12:38 - 2015-05-02 07:59 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Packages
2016-01-08 12:14 - 2015-05-10 21:54 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\DMCache
2016-01-06 01:35 - 2015-12-14 22:08 - 00000835 _____ C:\Windows\system32\Drivers\etc\hosts.back
2016-01-06 00:21 - 2015-08-05 14:53 - 00000000 ____D C:\Windows\Minidump
2016-01-01 20:49 - 2015-06-18 17:34 - 00000000 ____D C:\ProgramData\KONAMI
2016-01-01 20:49 - 2015-05-24 14:42 - 00000000 ____D C:\Users\ASUS PC\Documents\KONAMI
2015-12-26 06:49 - 2015-09-04 00:56 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Deployment
2015-12-24 15:43 - 2015-11-11 20:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-12-24 15:43 - 2015-11-11 20:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2015-12-24 00:14 - 2015-10-07 05:39 - 00000000 ____D C:\Users\ASUS PC\Documents\Tugas Hukum
2015-12-22 09:00 - 2015-11-17 00:19 - 00000000 ____D C:\Users\nicky
2015-12-22 09:00 - 2015-11-11 20:22 - 00000000 ____D C:\Program Files\IIS
2015-12-22 09:00 - 2015-08-02 03:28 - 00000000 ____D C:\Windows\system32\huu
2015-12-22 09:00 - 2015-07-31 09:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-22 09:00 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-22 09:00 - 2015-07-30 18:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-22 09:00 - 2015-07-30 18:40 - 00000000 ____D C:\Program Files\Intel
2015-12-22 09:00 - 2015-07-30 18:40 - 00000000 ____D C:\Program Files\DIFX
2015-12-22 09:00 - 2015-07-10 21:13 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-12-22 09:00 - 2015-07-10 21:13 - 00000000 ____D C:\Windows\system32\WCN
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\spool
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\InputMethod
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\InputMethod
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 09:00 - 2015-05-02 07:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Shared
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-21 17:59 - 2015-11-10 00:35 - 00069632 _____ C:\Windows\system32\config\SAM.bak
2015-12-21 17:59 - 2015-07-10 17:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-12-21 17:01 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\Registration
2015-12-19 20:52 - 2015-05-13 23:37 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\ElevatedDiagnostics
2015-12-19 07:18 - 2015-05-09 18:50 - 00000000 __RDO C:\Users\ASUS PC\OneDrive
 
==================== Files in the root of some directories =======
 
2015-05-21 10:16 - 2015-07-29 19:32 - 0000024 _____ () C:\Users\ASUS PC\AppData\Roaming\appdataFr25.bin
2015-12-27 01:49 - 2015-12-27 01:49 - 0000473 _____ () C:\Users\ASUS PC\AppData\Roaming\droid4xinstaller.log
2015-06-29 17:14 - 2015-07-01 08:14 - 0000098 _____ () C:\Users\ASUS PC\AppData\Roaming\WB.CFG
2015-06-23 02:01 - 2015-06-23 02:01 - 0005120 _____ () C:\Users\ASUS PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-14 18:24 - 2015-12-06 02:56 - 0007603 _____ () C:\Users\ASUS PC\AppData\Local\resmon.resmoncfg
2015-05-12 16:33 - 2015-05-12 16:33 - 0000000 _____ () C:\Users\ASUS PC\AppData\Local\Temp.dat
2015-07-30 18:42 - 2015-07-30 18:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-08 22:03 - 2016-01-08 22:03 - 0000231 _____ () C:\ProgramData\fontcacheev1.dat
2015-02-11 21:50 - 2014-03-26 09:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-12-04 00:56 - 2014-03-27 04:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-12-04 00:56 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-12-04 00:56 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\RefreshReg.vbs
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-08-02 03:28] - [2015-08-02 03:28] - 0680256 ____N () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\system32\dnsapi.dll => no Company Name <===== ATTENTION
 
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 09:11
 
==================== End of FRST.txt ============================

 

Here is my ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by ASUS PC (2016-01-16 11:42:04)
Running from C:\Users\ASUS PC\Desktop
Windows 10 Home Single Language (X64) (2015-07-30 11:26:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2388969625-1933337250-1248866418-500 - Administrator - Disabled)
ASUS PC (S-1-5-21-2388969625-1933337250-1248866418-1001 - Administrator - Enabled) => C:\Users\ASUS PC
DefaultAccount (S-1-5-21-2388969625-1933337250-1248866418-503 - Limited - Disabled)
Guest (S-1-5-21-2388969625-1933337250-1248866418-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2388969625-1933337250-1248866418-1003 - Limited - Enabled)
nicky (S-1-5-21-2388969625-1933337250-1248866418-1004 - Limited - Enabled) => C:\Users\nicky
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Pro Evolution Soccer 2016» 1.4.0.0 (HKLM-x32\...\«Pro Evolution Soccer 2016»_is1) (Version: 1.4.0.0 - KONAMI)
Akamai NetSession Interface (HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.3 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Ghost Recon Future Soldier Complete Edition version 1.8.0.0 (HKLM-x32\...\Ghost Recon Future Soldier Complete Edition_is1) (Version: 1.8.0.0 - Ubisoft)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Mega Codec Pack 8.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek)
Metal Gear Solid V - The Phantom Pain version 1.0.2 (HKLM-x32\...\Metal Gear Solid V - The Phantom Pain_is1) (Version: 1.0.2 - dzrepack games)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.09.02.910 - Huawei Technologies Co.,Ltd)
MotoGP 15 version 1.0.0 (HKLM-x32\...\MotoGP 15_is1) (Version: 1.0.0 - pQube)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3.1 PRO - MP3 Rocket Inc)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MX vs ATV Supercross Encore Edition (HKLM-x32\...\MX vs ATV Supercross Encore Edition_is1) (Version:  - )
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PHDGD Virtual VRAM Tool version 1.0 (HKLM-x32\...\{FB97A218-8B43-43BE-A721-C199C6589D08}_is1) (Version: 1.0 - PHDGD/IntelliModder32)
PHDGD® NOW!™ (HKLM-x32\...\PHDGD® NOW!™) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1815.0 - CyberLink Corporation)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prison Architect (HKLM-x32\...\Prison Architect_is1) (Version:  - )
Pro Evolution Soccer 2015 version 1.0 (HKLM-x32\...\Pro Evolution Soccer 2015_is1) (Version: 1.0 - KONAMI)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.47.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smartfren Connex CE81B UI v1.0.1.784 (HKLM-x32\...\Smartfren Connex CE81B Normal Version_is1) (Version:  - )
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM-x32\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
Windows Device Recovery Tool 3.1.2 (HKLM-x32\...\{9e156ead-3518-4112-999a-4188770fc8ad}) (Version: 3.1.2 - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{B7F55FF1-607A-4E12-BF64-8770BC618D12}) (Version: 1.1.23.1526 - Microsoft)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C571F8-C6EE-4A68-B3FE-BE147756D093} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {18BCBA4C-B39E-4839-BFAC-6DF57FDB7D1E} - System32\Tasks\{E573FB5E-9A04-4089-B375-4811F12D3357} => pcalua.exe -a "D:\New Folder\TUInstallHelper.exe" -c --Trigger-Uninstall
Task: {18F94435-5210-4A6F-82D2-E2CBFE167EDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1971E942-C6C5-47EE-A0DB-F47C49932FB5} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1FB10C82-2D26-4197-8E23-308929F0AAAB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21E910AC-5D7B-425F-A582-EB408B31EEB9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A2AF9D8-59C2-4FDF-83BD-F45C4303C9B5} - System32\Tasks\EVGAPrecisionX => D:\PrecisionX_x64.exe
Task: {38F17724-C6F8-4970-9F79-F6DEE58B14F9} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-03] (ASUS)
Task: {41302165-645E-43D9-8646-081D858E604D} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {42ECCC87-E17F-4856-8BBD-4A6D84D3CAB6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {55362E45-9112-4065-8B3E-7ACE3A3F23EC} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {59DC418C-99ED-4D38-9953-7E46F81D46DD} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {5E043FA7-8251-42BB-9C91-DF0C452EA7FB} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {650F6345-2D86-48B4-A559-A7C87B94A294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {6ABDE848-0CDD-4CF7-9DD6-14B65C8D7315} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {78FA46C0-7D98-4A97-AA3A-8FDFB7556440} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-04] (Realtek Semiconductor)
Task: {8244B8A1-DA68-4C50-ABA2-DF16FC808CA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {84B219E7-2893-4EDD-A789-4EDA6D75052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {96F31864-7E8D-407F-BE7D-C04F31D6738C} - System32\Tasks\Driver Booster Scan => D:\Aplikasi\Driver Booster\Scheduler.exe
Task: {9CD29D13-B3A5-4CA5-AF02-16D3C54F1AC3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9EC62405-8742-4D0A-B73F-F65EFEC27A5D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9EEFF3FA-EE50-4985-A109-C6119375C70C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BE5CFF0B-2646-4E54-8376-4398C4FFA990} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {BF2756B0-A74B-49AD-936B-928757192F9A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BFF4B7CA-DDE5-49D0-B6A9-1A24E1FBC969} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
Task: {C2D9AC99-E573-49E1-B899-DB15872A6A85} - System32\Tasks\Java™ Platform SE Auto Updater 2 0 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {CDA3F42D-8603-452D-A513-B6099F22DCD0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-07-28] (AsusTek)
Task: {D5334A8B-333B-4706-B10C-0740D2076FCD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {E44AF3DC-0903-4EF7-A1F0-D4E676807A0A} - System32\Tasks\{9B486D92-502B-4049-B2FC-9EB12C1FE0E8} => pcalua.exe -a "C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe" -d "C:\Program Files\ASUS\ASUS FlipLock"
Task: {E6EF3878-DACA-4C5F-ADFA-2D8B1DC863FB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-28] (ASUSTek Computer Inc.)
Task: {F7A4BE79-D8DD-4BFC-846F-08D7099315C0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-02 03:28 - 2015-08-02 03:28 - 00680256 ____N () C:\Windows\system32\DNSAPI.dll
2015-07-31 09:28 - 2015-07-31 09:28 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-08-02 03:28 - 2015-08-02 03:28 - 00680256 ____N () c:\windows\system32\DNSAPI.dll
2015-07-10 19:00 - 2015-07-10 19:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-07-30 18:42 - 2015-07-14 01:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-02 03:28 - 2015-08-02 03:28 - 00680256 ____N () C:\Windows\System32\DNSAPI.dll
2015-08-19 17:02 - 2015-08-11 17:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-07-10 19:00 - 2015-07-10 19:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-08-02 03:28 - 2015-08-02 03:28 - 00680256 ____N () C:\Windows\SYSTEM32\DNSAPI.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-07 22:52 - 2015-09-17 14:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-11-07 22:52 - 2015-09-17 14:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-11-07 22:52 - 2015-09-17 13:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-11-07 22:53 - 2015-09-17 13:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-11-07 22:51 - 2015-09-17 13:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-07 22:51 - 2015-09-17 13:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-07 22:52 - 2015-09-17 13:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-11 03:20 - 2015-11-11 03:20 - 00285184 _____ () C:\Users\ASUS PC\AppData\Local\Packages\26968APPLYF.InstaPic_4502q87ac11em\AC\Microsoft\CLR_v4.0\NativeImages\InstaPicTasks\0e86c6f5febc83e730f59250ae163ca5\InstaPicTasks.ni.dll
2015-11-11 03:20 - 2015-11-11 03:20 - 04090880 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\edb0d6df742f1aa4700b7018ffec2a22\Windows.ApplicationModel.ni.dll
2015-11-11 03:20 - 2015-11-11 03:20 - 01173504 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\e82a1304cbfde80ab2bfa1dc39248737\Windows.Storage.ni.dll
2016-01-08 22:42 - 2016-01-08 22:42 - 00048128 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2015-12-16 20:42 - 2015-12-16 20:42 - 00870400 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_2.0.4.0_x64__8ptj331gd3tyt\Sqlite.dll
2015-11-10 16:26 - 2015-11-10 16:26 - 00335360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\05a6d0e3a666ac8d0b38a6a290869c06\Windows.Foundation.ni.dll
2014-04-30 15:33 - 2014-04-30 15:33 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2015-05-21 16:40 - 2015-10-12 11:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-30 15:33 - 2014-04-30 15:33 - 00181048 _____ () C:\Program Files\ASUS\ASUS FlipLock\STSensorInfoApp.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4788 more sites.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS PC\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\best-wallpapers-of-2560-x-1600-landscape-fantasy-photo-best-wallpapers.jpg
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Droid4XService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "ASUS HDD Protection Tray Application"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "emsisoft anti-malware"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "RemoteControl"
HKLM\...\StartupApproved\Run32: => "LanguageShortcut"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "TrojanScanner"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\StartupFolder: => "IDM 7.3 Crack (Internet Download Manager) Free Download.lnk"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Flutter"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "RocketDock"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "version_provider"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "SmartRAM"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Steganos VPN Proxy Handler"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "SOS_Agent"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Steganos VPN Local Proxy"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "SOS Browser Monitor"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_72489B4B318A01C250DB4ECD49090791"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{6993ACC3-59CD-4000-85FE-1393E4801AD5}D:\games\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{909FF392-F425-4A64-B54B-F6C016A3D48B}D:\games\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [{1219C82E-F421-4207-8450-5286B399AD2A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0CC11774-EC5C-4948-BC1B-2E2812D3127A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A74E5D5E-1B19-432D-B6C2-1E82548D833D}D:\games\motogp 15\motogp15x64.exe] => (Allow) D:\games\motogp 15\motogp15x64.exe
FirewallRules: [UDP Query User{6F6BE5F7-D6B3-4B1E-AB06-A8E6BDB25F28}D:\games\motogp 15\motogp15x64.exe] => (Allow) D:\games\motogp 15\motogp15x64.exe
FirewallRules: [TCP Query User{22BE4875-6B0F-4CB4-A51A-D43DED7D003E}D:\games\mxgp\mxgp.exe] => (Allow) D:\games\mxgp\mxgp.exe
FirewallRules: [UDP Query User{6D39BE6A-474C-48B6-9FC4-A8087CF89BBB}D:\games\mxgp\mxgp.exe] => (Allow) D:\games\mxgp\mxgp.exe
FirewallRules: [{5D4E2C8D-4A5F-447E-9875-E08B9DEA156D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EA2187E-F0C2-4CE4-AF38-657F2C82B3BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48A3A53D-EDA7-43ED-9342-4AF43A7E87CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF1A951B-9556-4F4C-8539-4212A1E05464}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFBA19C3-5BCF-4176-A037-EF3684342EC6}] => (Allow) D:\Aplikasi\iTunes.exe
 
==================== Restore Points =========================
 
13-01-2016 03:29:14 WinThruster Wed, Jan 13, 16  03:29
16-01-2016 05:18:59 Removed Microsoft Web Deploy 3.6
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2016 11:33:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (01/16/2016 11:33:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (01/16/2016 06:06:59 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (01/16/2016 06:06:59 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (01/16/2016 05:56:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/16/2016 05:55:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/16/2016 05:55:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/16/2016 05:55:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/16/2016 05:55:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/16/2016 05:55:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1680
 
Start Time: 01d14fdecbb2a830
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 12eaab3f-bbd2-11e5-83ed-c1ab28cff998
 
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
 
System errors:
=============
Error: (01/16/2016 11:36:54 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error: 
%%2
 
Error: (01/16/2016 11:36:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the WinHTTP Web Proxy Auto-Discovery Service service which failed to start because of the following error: 
%%1058
 
Error: (01/16/2016 11:35:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/16/2016 11:35:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/16/2016 11:35:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/16/2016 11:35:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/16/2016 11:35:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/16/2016 11:35:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/16/2016 11:35:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/16/2016 11:35:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Packet Capture Protocol v.0 (experimental) service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-01-16 05:40:34.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-15 11:56:53.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.206
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 51%
Total physical RAM: 3979.12 MB
Available physical RAM: 1929.15 MB
Total Virtual: 8331.12 MB
Available Virtual: 6160.54 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.49 GB) (Free:73.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:263.35 GB) (Free:25.6 GB) NTFS
Drive e: (Nicky) (Fixed) (Total:14.91 GB) (Free:14.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 34889F47)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: D7C85BA8)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#8 Aura


Posted 16 January 2016 - 12:35 PM

You lose your Internet access because the ShopperZ infection is still active, and therefore it keeps on patching your dnsapi.dll file. Once we fully remove it, and repair it once and for all using SFC, you'll gain back access to the Internet. Now, I'll ask you to boot in Safe Mode and run the FRST fix there, so we can get rid of the ShopperZ service.

Instructions on how to boot in Safe Mode: http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10 - The first 2 methods are the easiest to use.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


Once you have run the FRST fix, please boot back normally (normal boot, not Safe Mode), and run FRST again to get fresh logs so I can see if the fix worked or not.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply should include:
  • Copy/pasted content of the FRST fixlog;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
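
A check that can be run once the system is back in normal mode, added here as an example and not part of Aura's post or of FRST: it reports whether the two dnsapi.dll copies still validate as Microsoft-signed OS binaries and then asks SFC to verify each one. The function name `Get-DnsApiIntegrity` and the output fields are hypothetical, and an elevated 64-bit Windows PowerShell 5.1 session on Windows 10 is assumed.

```powershell
# Added example, not from the thread. Assumes an elevated 64-bit
# Windows PowerShell 5.1 session on Windows 10.

function Get-DnsApiIntegrity {    # hypothetical helper name
    # The 64-bit copy and the 32-bit copy used by 32-bit processes
    $paths = @(
        (Join-Path $env:SystemRoot 'System32\dnsapi.dll'),
        (Join-Path $env:SystemRoot 'SysWOW64\dnsapi.dll')
    )

    foreach ($path in $paths) {
        # Start from a uniform record so every row has the same columns
        $row = [ordered]@{
            Path            = $path
            Verdict         = 'MISSING'
            SignatureStatus = $null
            SignatureType   = $null
            IsOSBinary      = $null
            Signer          = $null
            LastWriteTime   = $null
            SHA256          = $null
        }

        if (Test-Path -LiteralPath $path) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $file = Get-Item -LiteralPath $path

            $row.SignatureStatus = $sig.Status
            $row.SignatureType   = $sig.SignatureType   # Catalog or Authenticode
            $row.IsOSBinary      = $sig.IsOSBinary
            if ($sig.SignerCertificate) {
                $row.Signer = $sig.SignerCertificate.Subject
            }
            $row.LastWriteTime = $file.LastWriteTime
            # Recorded so the file can be compared with a clean machine
            # running the same Windows build
            $row.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

            # A modified system DLL stops validating: Status is no longer
            # 'Valid' (typically NotSigned or HashMismatch).
            $trusted = ($sig.Status -eq 'Valid') -and
                       $sig.IsOSBinary -and
                       ($row.Signer -like '*O=Microsoft Corporation*')
            $row.Verdict = if ($trusted) { 'OK' } else { 'REVIEW' }
        }

        [pscustomobject]$row
    }
}

$report = Get-DnsApiIntegrity
$report | Format-List

# sfc /verifyfile only checks a file against the component store;
# it does not repair. Its findings are also written to CBS.log.
foreach ($item in $report | Where-Object { $_.Verdict -ne 'MISSING' }) {
    & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$($item.Path)"
}
```

A `REVIEW` verdict after the fix means the file is still not the original, so the SFC repair mentioned in the post has not yet taken effect or the file has been patched again.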


#9 nickylim95


Posted 16 January 2016 - 03:20 PM

I see you are online. Please don't go offline. I will reply to this soon.



#10 nickylim95


Posted 16 January 2016 - 03:58 PM

So here it is

 

 FIXLOG

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by ASUS PC (2016-01-17 04:48:01) Run:4
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC (Available Profiles: ASUS PC & nicky)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
CMD: sc stop bsdriver
CMD: sc delete bsdriver
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
 
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
 
Task: {96F31864-7E8D-407F-BE7D-C04F31D6738C} - System32\Tasks\Driver Booster Scan => D:\Aplikasi\Driver Booster\Scheduler.exe
*****************
 
Processes closed successfully.
 
=========  sc stop bsdriver =========
 
[SC] ControlService FAILED 1062:
 
The service has not been started.
 
 
========= End of CMD: =========
 
 
=========  sc delete bsdriver =========
 
[SC] DeleteService SUCCESS
 
========= End of CMD: =========
 
bsdriver => service not found.
C:\Program Files (x86)\McAfee\SiteAdvisor => path removed successfully
C:\Program Files (x86)\IObit Apps Toolbar\FF => path removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96F31864-7E8D-407F-BE7D-C04F31D6738C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F31864-7E8D-407F-BE7D-C04F31D6738C}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster Scan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 04:48:02 ====

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01

Ran by ASUS PC (administrator) on NICKYLIM (17-01-2016 04:51:16)
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC (Available Profiles: ASUS PC & nicky)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Riverbed Technology, Inc.) C:\Program Files (x86)\WinPcap\rpcapd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Windows\System32\wifitask.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Users\ASUS PC\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => D:\Aplikasi\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\RunOnce: [Uninstall C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50098;https=127.0.0.1:50098
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 111.95.141.4 202.73.99.2 61.247.0.133
Tcpip\..\Interfaces\{1137592d-234b-4bd7-a77b-cf057a0a4b77}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{265a8ae8-0adf-45df-a08e-e986d44957df}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4c6a6430-9b0d-4ed4-aab0-7e1625f72041}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2BF10F6-725E-4FFE-94A1-21B6CDF03076}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{b26064d6-5f3e-4190-a3e8-4e40497aa1a4}: [DhcpNameServer] 10.20.2.1
Tcpip\..\Interfaces\{da8dec3b-0446-466d-8b5d-2374c65dbc6c}: [DhcpNameServer] 111.95.141.4 202.73.99.2 61.247.0.133
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> DefaultScope {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001 -> hxxp://google.com/
 
FireFox:
========
FF ProfilePath: C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default
FF NetworkProxy: "type", 5
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: MEGA - C:\Users\ASUS PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwnzyna4.default\Extensions\firefox@mega.co.nz.xpi [2015-07-31] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\ASUS PC\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-04] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-03] (Intel® Corporation) [File not signed]
S3 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [69776 2014-04-30] (ASUS) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [60408 2014-07-28] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [19456 2014-05-08] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-14] (ASUS Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-24] (Phoenix Technologies) [File not signed]
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-05-27] (Disc Soft Ltd)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-24] (REALiX™)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 m76usb; C:\Windows\System32\drivers\m76usb.sys [563360 2015-06-03] (Ralink Technology Corp.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-05-24] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [361984 2012-05-02] (QUALCOMM Incorporated)
S3 REN2CAP_DRIVER; C:\Windows\system32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2015-08-04] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-11-28] (Research in Motion Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-05-24] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [143592 2015-08-02] (STMicroelectronics)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 04:51 - 2016-01-17 04:51 - 00017235 _____ C:\Users\ASUS PC\Desktop\FRST.txt
2016-01-17 04:50 - 2016-01-17 04:50 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-17 04:49 - 2016-01-17 04:49 - 00016148 _____ C:\Windows\system32\NICKYLIM_ASUS PC_HistoryPrediction.bin
2016-01-17 04:48 - 2016-01-17 04:48 - 00001806 _____ C:\Users\ASUS PC\Desktop\Fixlog.txt
2016-01-17 04:47 - 2016-01-17 04:47 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-17 04:21 - 2016-01-17 04:21 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-01-16 23:09 - 2016-01-16 23:21 - 00000000 ____D C:\Users\ASUS PC\Downloads\Tom Clancy's Splinter Cell Conviction
2016-01-16 20:57 - 2016-01-16 22:48 - 4044719096 _____ C:\Users\ASUS PC\Downloads\Tmcsplclcvct.part2.rar
2016-01-16 19:29 - 2015-12-15 05:00 - 00000000 ____D C:\Users\ASUS PC\Downloads\[www.gigapurbalingga.com]_PTEpat30
2016-01-16 05:14 - 2016-01-16 05:14 - 00003198 _____ C:\Windows\System32\Tasks\Trojan Remover
2016-01-15 15:08 - 2016-01-15 16:43 - 00000000 _____ C:\Users\ASUS PC\Downloads\Tmcsplclcvct.part1.rar
2016-01-15 12:13 - 2016-01-15 12:13 - 00003544 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-01-15 12:13 - 2016-01-15 12:13 - 00003534 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-01-14 20:27 - 2016-01-14 20:27 - 00001094 _____ C:\Users\Public\Desktop\IQ Option.lnk
2016-01-14 20:27 - 2016-01-14 20:27 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Imagination Technologies
2016-01-14 20:27 - 2016-01-14 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IQ Option
2016-01-14 20:27 - 2016-01-14 20:27 - 00000000 ____D C:\Program Files (x86)\IQ Option
2016-01-14 15:43 - 2016-01-17 04:51 - 00000000 ____D C:\FRST
2016-01-14 14:33 - 2016-01-14 14:32 - 02370560 _____ (Farbar) C:\Users\ASUS PC\Desktop\FRST64.exe
2016-01-14 12:59 - 2016-01-14 12:59 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2016-01-14 12:13 - 2016-01-14 12:13 - 00165376 _____ C:\Users\ASUS PC\Desktop\SystemLook_x64.exe
2016-01-13 21:42 - 2016-01-13 21:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-01-13 20:10 - 2016-01-13 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-01-13 20:09 - 2016-01-17 04:52 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-01-13 03:32 - 2016-01-13 03:33 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2016-01-13 03:31 - 2016-01-13 03:31 - 00000000 ____D C:\ProgramData\Loaris
2016-01-13 02:25 - 2016-01-13 02:25 - 00600063 _____ C:\Users\ASUS PC\Downloads\Isyana Sarasvati Tetap Dalam Jiwa Fingerstyle.pdf
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\Documents\Ubisoft
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Ubisoft
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\storage
2016-01-12 21:11 - 2016-01-12 21:11 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\PunkBuster
2016-01-12 21:09 - 2016-01-12 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-01-12 20:53 - 2016-01-12 20:59 - 00000000 ___HD C:\$Windows.~BT
2016-01-12 17:05 - 2016-01-13 00:26 - 2564530176 _____ C:\Users\ASUS PC\Downloads\Ghost.Recon.Future.Soldier.Complete.Edition-Repack (1).iso
2016-01-12 10:02 - 2016-01-12 10:02 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\CAPCOM
2016-01-12 09:57 - 2016-01-12 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragons Dogma Dark Arisen
2016-01-11 10:56 - 2016-01-11 18:52 - 1968250880 _____ C:\Users\ASUS PC\Downloads\Dragons Dogma Dark Arisen_RePack by SEYTER.iso
2016-01-11 10:52 - 2016-01-03 09:40 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 10:52 - 2016-01-03 09:40 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 05:10 - 2016-01-11 05:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Introversion
2016-01-11 05:05 - 2016-01-11 05:05 - 00000000 ____D C:\ProgramData\SkidRow
2016-01-11 05:04 - 2016-01-11 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Introversion Software
2016-01-11 01:19 - 2016-01-11 05:01 - 857053184 _____ C:\Users\ASUS PC\Downloads\pm-psnat (1).iso
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files\iPod
2016-01-09 02:39 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-09 02:38 - 2016-01-09 02:38 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-09 02:38 - 2016-01-09 02:38 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-01-09 02:38 - 2016-01-09 02:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-09 02:37 - 2016-01-09 02:37 - 00000000 ____D C:\Program Files\Bonjour
2016-01-09 02:37 - 2016-01-09 02:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-09 02:36 - 2016-01-09 02:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-08 22:04 - 2014-07-28 16:47 - 00060408 _____ () C:\Windows\system32\Drivers\adgnetworktdi.sys
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-01-08 22:03 - 2016-01-08 22:03 - 00000231 _____ C:\ProgramData\fontcacheev1.dat
2016-01-08 12:32 - 2014-12-04 00:44 - 00404250 __RSH C:\bootmgr
2016-01-06 07:20 - 2016-01-07 21:49 - 01920605 _____ C:\Users\ASUS PC\Documents\PERLINDUNGAN MEREK TERKENAL  YANG TIDAK TERDAFTAR DITINJAU DARI.pptx
2016-01-06 02:10 - 2016-01-06 02:10 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\MetaQuotes
2016-01-04 05:35 - 2016-01-06 00:20 - 774432670 _____ C:\Windows\MEMORY.DMP
2016-01-02 06:35 - 2016-01-02 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2016-01-02 05:21 - 2016-01-02 09:04 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\PTE_Patch
2016-01-02 01:05 - 2016-01-02 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHDGD Virtual VRAM Tool
2016-01-02 01:05 - 2016-01-02 01:05 - 00000000 ____D C:\PHDGD Virtual VRAM Tool
2016-01-01 23:43 - 2016-01-01 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHDGD® NOW!™
2016-01-01 23:43 - 2016-01-01 23:43 - 00000000 ____D C:\PHDGDNOWsoft
2016-01-01 22:15 - 2016-01-02 00:03 - 1709434817 _____ C:\Users\ASUS PC\Downloads\[www.gigapurbalingga.com]_PTEpat30.rar
2016-01-01 05:48 - 2016-01-01 05:48 - 00329600 _____ C:\Windows\Minidump\010116-23906-01.dmp
2015-12-26 14:02 - 2015-12-26 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MX vs ATV Supercross Encore Edition
2015-12-26 07:42 - 2015-12-26 07:42 - 00000000 ____D C:\ProgramData\Milestone
2015-12-26 07:21 - 2015-12-26 07:21 - 00000000 ____D C:\ProgramData\Steam
2015-12-25 15:00 - 2015-12-25 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dzrepack games
2015-12-23 17:19 - 2015-12-26 07:21 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Milestone
2015-12-23 17:07 - 2015-12-23 17:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-12-23 17:07 - 2015-12-23 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pQube
2015-12-22 04:30 - 2015-12-22 04:30 - 00000000 ____D C:\Users\ASUS PC\Downloads\Video
2015-12-21 17:31 - 2015-12-21 18:10 - 00000000 ____D C:\Intel
2015-12-20 05:00 - 2016-01-15 13:27 - 00000000 ____D C:\Users\ASUS PC\Downloads\New folder
2015-12-19 07:18 - 2015-12-19 07:18 - 00002415 _____ C:\Users\ASUS PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-19 04:02 - 2016-01-15 13:26 - 00000000 ____D C:\Users\ASUS PC\Downloads\Gpro TAB
2015-12-19 00:57 - 2015-12-01 14:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2015-12-19 00:57 - 2015-11-25 12:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-12-19 00:57 - 2015-11-25 12:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-19 00:57 - 2015-11-25 12:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-19 00:57 - 2015-11-25 12:28 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-19 00:57 - 2015-11-25 12:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-19 00:57 - 2015-11-25 12:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-19 00:57 - 2015-11-25 12:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-19 00:57 - 2015-11-25 12:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-19 00:57 - 2015-11-25 12:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-19 00:57 - 2015-11-25 12:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-19 00:57 - 2015-11-25 12:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-19 00:57 - 2015-11-25 12:10 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-19 00:57 - 2015-11-25 12:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-19 00:57 - 2015-11-25 12:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-19 00:57 - 2015-11-25 12:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-19 00:57 - 2015-11-25 12:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-19 00:57 - 2015-11-25 12:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-19 00:56 - 2015-12-01 13:54 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-12-19 00:56 - 2015-12-01 13:51 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-12-19 00:56 - 2015-12-01 13:49 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-19 00:56 - 2015-12-01 13:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-19 00:56 - 2015-12-01 12:59 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-19 00:56 - 2015-11-25 13:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-19 00:56 - 2015-11-25 13:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-12-19 00:56 - 2015-11-25 13:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-19 00:56 - 2015-11-25 13:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-19 00:56 - 2015-11-25 13:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-19 00:56 - 2015-11-25 12:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-19 00:56 - 2015-11-25 12:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-19 00:56 - 2015-11-25 12:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-19 00:56 - 2015-11-25 12:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2015-12-19 00:56 - 2015-11-25 12:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-19 00:56 - 2015-11-25 12:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-19 00:56 - 2015-11-25 12:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-12-19 00:56 - 2015-11-25 12:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-19 00:56 - 2015-11-25 12:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-12-19 00:56 - 2015-11-25 12:23 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-19 00:56 - 2015-11-25 12:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-19 00:56 - 2015-11-25 12:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-19 00:56 - 2015-11-25 12:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-19 00:56 - 2015-11-25 12:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-19 00:56 - 2015-11-25 12:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-19 00:56 - 2015-11-25 12:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-19 00:56 - 2015-11-25 12:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-19 00:55 - 2015-11-25 13:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2015-12-19 00:55 - 2015-11-25 13:41 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-19 00:55 - 2015-11-25 13:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-19 00:55 - 2015-11-25 13:11 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-19 00:55 - 2015-11-25 12:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-12-19 00:55 - 2015-11-25 12:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-19 00:55 - 2015-11-25 12:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2015-12-19 00:55 - 2015-11-25 12:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2015-12-19 00:55 - 2015-11-25 12:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2015-12-19 00:55 - 2015-11-25 12:44 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-19 00:55 - 2015-11-25 12:42 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-19 00:55 - 2015-11-25 12:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-19 00:55 - 2015-11-25 12:34 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-19 00:55 - 2015-11-25 12:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-12-19 00:55 - 2015-11-25 12:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-12-19 00:55 - 2015-11-25 12:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-12-19 00:55 - 2015-11-25 12:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-12-19 00:55 - 2015-11-25 12:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2015-12-19 00:55 - 2015-11-25 12:23 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-19 00:55 - 2015-11-25 12:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-19 00:55 - 2015-11-25 12:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2015-12-19 00:55 - 2015-11-25 12:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-12-19 00:55 - 2015-11-25 12:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-12-19 00:55 - 2015-11-25 12:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-19 00:55 - 2015-11-25 12:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-19 00:55 - 2015-11-25 12:10 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-19 00:55 - 2015-11-25 12:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2015-12-19 00:55 - 2015-11-25 12:05 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-19 00:55 - 2015-11-25 12:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-19 00:55 - 2015-11-25 12:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-19 00:55 - 2015-11-25 10:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-19 00:55 - 2015-11-25 10:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-19 00:54 - 2015-12-01 15:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-19 00:54 - 2015-11-25 13:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-19 00:54 - 2015-11-25 13:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-18 21:20 - 2015-12-10 16:53 - 00199152 ____N (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 04:51 - 2015-08-12 15:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-01-17 04:50 - 2015-05-02 07:59 - 00000000 __SHD C:\Users\ASUS PC\IntelGraphicsProfiles
2016-01-17 04:48 - 2015-11-10 00:35 - 01726190 _____ C:\Windows\ntbtlog.txt
2016-01-17 04:48 - 2015-07-10 20:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-17 04:48 - 2015-07-10 17:05 - 01048576 ___SH C:\Windows\system32\config\BBI
2016-01-17 04:31 - 2015-07-10 20:20 - 00433768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-17 04:31 - 2015-07-10 19:02 - 00000000 ____D C:\Windows\INF
2016-01-17 04:25 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\oobe
2016-01-17 04:25 - 2015-07-10 17:05 - 00000000 ____D C:\Windows
2016-01-17 04:21 - 2015-02-11 21:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-17 00:24 - 2015-05-09 18:04 - 00004150 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{830B1675-C751-4D6A-8943-52242CF8EEF0}
2016-01-16 22:27 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\rescache
2016-01-16 21:46 - 2015-07-30 23:32 - 00000000 ____D C:\Users\ASUS PC\AppData\LocalLow\Temp
2016-01-16 21:11 - 2015-11-15 17:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-16 21:05 - 2015-07-10 18:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-16 19:34 - 2015-07-30 18:47 - 00000000 ____D C:\Users\ASUS PC
2016-01-16 17:40 - 2015-11-17 00:19 - 00000000 ____D C:\Users\nicky
2016-01-16 17:38 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\AppReadiness
2016-01-16 11:33 - 2015-07-30 19:08 - 00005982 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-16 05:21 - 2015-05-02 08:18 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-16 05:18 - 2015-11-10 01:46 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Solvusoft
2016-01-16 05:18 - 2015-07-30 18:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-15 13:26 - 2015-09-01 14:54 - 00000000 ____D C:\Users\ASUS PC\Downloads\katalog Jualan
2016-01-15 11:44 - 2015-07-10 19:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-15 11:34 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\NDF
2016-01-14 13:43 - 2015-07-29 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 22:46 - 2015-05-19 01:17 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 22:41 - 2015-07-29 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 22:41 - 2015-05-19 01:16 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 22:40 - 2015-07-29 21:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 22:39 - 2015-05-02 08:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 19:35 - 2015-11-10 00:35 - 125042688 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-13 19:35 - 2015-11-10 00:35 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-13 19:35 - 2015-07-10 17:05 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-13 19:35 - 2015-05-22 20:24 - 00001668 _____ C:\Windows\system32\ASOROSet.bin
2016-01-12 20:59 - 2015-07-29 13:58 - 00001908 _____ C:\Windows\diagwrn.xml
2016-01-12 20:59 - 2015-07-29 13:58 - 00001908 _____ C:\Windows\diagerr.xml
2016-01-12 20:58 - 2015-07-31 09:33 - 00000000 ___DC C:\Windows\Panther
2016-01-12 20:26 - 2015-06-23 16:46 - 00000000 ____D C:\Users\ASUS PC\Downloads\Compressed
2016-01-12 10:01 - 2014-12-04 00:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 02:40 - 2015-05-01 22:44 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\Apple Computer
2016-01-08 12:38 - 2015-05-02 07:59 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Packages
2016-01-08 12:14 - 2015-05-10 21:54 - 00000000 ____D C:\Users\ASUS PC\AppData\Roaming\DMCache
2016-01-06 01:35 - 2015-12-14 22:08 - 00000835 _____ C:\Windows\system32\Drivers\etc\hosts.back
2016-01-06 00:21 - 2015-08-05 14:53 - 00000000 ____D C:\Windows\Minidump
2016-01-01 20:49 - 2015-06-18 17:34 - 00000000 ____D C:\ProgramData\KONAMI
2016-01-01 20:49 - 2015-05-24 14:42 - 00000000 ____D C:\Users\ASUS PC\Documents\KONAMI
2015-12-26 06:49 - 2015-09-04 00:56 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\Deployment
2015-12-24 15:43 - 2015-11-11 20:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-12-24 15:43 - 2015-11-11 20:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2015-12-24 00:14 - 2015-10-07 05:39 - 00000000 ____D C:\Users\ASUS PC\Documents\Tugas Hukum
2015-12-22 09:00 - 2015-11-11 20:22 - 00000000 ____D C:\Program Files\IIS
2015-12-22 09:00 - 2015-08-02 03:28 - 00000000 ____D C:\Windows\system32\huu
2015-12-22 09:00 - 2015-07-31 09:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-22 09:00 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-22 09:00 - 2015-07-30 18:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-22 09:00 - 2015-07-30 18:40 - 00000000 ____D C:\Program Files\Intel
2015-12-22 09:00 - 2015-07-30 18:40 - 00000000 ____D C:\Program Files\DIFX
2015-12-22 09:00 - 2015-07-10 21:13 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-12-22 09:00 - 2015-07-10 21:13 - 00000000 ____D C:\Windows\system32\WCN
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\spool
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\InputMethod
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\InputMethod
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-22 09:00 - 2015-07-10 19:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 09:00 - 2015-05-02 07:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Shared
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2015-12-22 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-21 17:59 - 2015-11-10 00:35 - 00069632 _____ C:\Windows\system32\config\SAM.bak
2015-12-21 17:59 - 2015-07-10 17:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-12-21 17:01 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\Registration
2015-12-19 20:52 - 2015-05-13 23:37 - 00000000 ____D C:\Users\ASUS PC\AppData\Local\ElevatedDiagnostics
2015-12-19 07:18 - 2015-05-09 18:50 - 00000000 __RDO C:\Users\ASUS PC\OneDrive
 
==================== Files in the root of some directories =======
 
2015-05-21 10:16 - 2015-07-29 19:32 - 0000024 _____ () C:\Users\ASUS PC\AppData\Roaming\appdataFr25.bin
2015-12-27 01:49 - 2015-12-27 01:49 - 0000473 _____ () C:\Users\ASUS PC\AppData\Roaming\droid4xinstaller.log
2015-06-29 17:14 - 2015-07-01 08:14 - 0000098 _____ () C:\Users\ASUS PC\AppData\Roaming\WB.CFG
2015-06-23 02:01 - 2015-06-23 02:01 - 0005120 _____ () C:\Users\ASUS PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-14 18:24 - 2015-12-06 02:56 - 0007603 _____ () C:\Users\ASUS PC\AppData\Local\resmon.resmoncfg
2015-05-12 16:33 - 2015-05-12 16:33 - 0000000 _____ () C:\Users\ASUS PC\AppData\Local\Temp.dat
2015-07-30 18:42 - 2015-07-30 18:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-08 22:03 - 2016-01-08 22:03 - 0000231 _____ () C:\ProgramData\fontcacheev1.dat
2015-02-11 21:50 - 2014-03-26 09:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-12-04 00:56 - 2014-03-27 04:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-12-04 00:56 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-12-04 00:56 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\RefreshReg.vbs
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-08-02 03:28] - [2015-08-02 03:28] - 0680256 ____N (Microsoft Corporation) D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-16 23:23
 
==================== End of FRST.txt ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by ASUS PC (2016-01-17 04:53:50)
Running from C:\Users\ASUS PC\Desktop
Windows 10 Home Single Language (X64) (2015-07-30 11:26:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2388969625-1933337250-1248866418-500 - Administrator - Disabled)
ASUS PC (S-1-5-21-2388969625-1933337250-1248866418-1001 - Administrator - Enabled) => C:\Users\ASUS PC
DefaultAccount (S-1-5-21-2388969625-1933337250-1248866418-503 - Limited - Disabled)
Guest (S-1-5-21-2388969625-1933337250-1248866418-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2388969625-1933337250-1248866418-1003 - Limited - Enabled)
nicky (S-1-5-21-2388969625-1933337250-1248866418-1004 - Limited - Enabled) => C:\Users\nicky
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Pro Evolution Soccer 2016» 1.4.0.0 (HKLM-x32\...\«Pro Evolution Soccer 2016»_is1) (Version: 1.4.0.0 - KONAMI)
Akamai NetSession Interface (HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.3 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Ghost Recon Future Soldier Complete Edition version 1.8.0.0 (HKLM-x32\...\Ghost Recon Future Soldier Complete Edition_is1) (Version: 1.8.0.0 - Ubisoft)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Mega Codec Pack 8.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek)
Metal Gear Solid V - The Phantom Pain version 1.0.2 (HKLM-x32\...\Metal Gear Solid V - The Phantom Pain_is1) (Version: 1.0.2 - dzrepack games)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.09.02.910 - Huawei Technologies Co.,Ltd)
MotoGP 15 version 1.0.0 (HKLM-x32\...\MotoGP 15_is1) (Version: 1.0.0 - pQube)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3.1 PRO - MP3 Rocket Inc)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MX vs ATV Supercross Encore Edition (HKLM-x32\...\MX vs ATV Supercross Encore Edition_is1) (Version:  - )
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PHDGD Virtual VRAM Tool version 1.0 (HKLM-x32\...\{FB97A218-8B43-43BE-A721-C199C6589D08}_is1) (Version: 1.0 - PHDGD/IntelliModder32)
PHDGD® NOW!™ (HKLM-x32\...\PHDGD® NOW!™) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1815.0 - CyberLink Corporation)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prison Architect (HKLM-x32\...\Prison Architect_is1) (Version:  - )
Pro Evolution Soccer 2015 version 1.0 (HKLM-x32\...\Pro Evolution Soccer 2015_is1) (Version: 1.0 - KONAMI)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.47.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smartfren Connex CE81B UI v1.0.1.784 (HKLM-x32\...\Smartfren Connex CE81B Normal Version_is1) (Version:  - )
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM-x32\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.03.000 - Ubisoft)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
Windows Device Recovery Tool 3.1.2 (HKLM-x32\...\{9e156ead-3518-4112-999a-4188770fc8ad}) (Version: 3.1.2 - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{B7F55FF1-607A-4E12-BF64-8770BC618D12}) (Version: 1.1.23.1526 - Microsoft)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ASUS PC\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2388969625-1933337250-1248866418-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C571F8-C6EE-4A68-B3FE-BE147756D093} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {18BCBA4C-B39E-4839-BFAC-6DF57FDB7D1E} - System32\Tasks\{E573FB5E-9A04-4089-B375-4811F12D3357} => pcalua.exe -a "D:\New Folder\TUInstallHelper.exe" -c --Trigger-Uninstall
Task: {18F94435-5210-4A6F-82D2-E2CBFE167EDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1971E942-C6C5-47EE-A0DB-F47C49932FB5} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1FB10C82-2D26-4197-8E23-308929F0AAAB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21E910AC-5D7B-425F-A582-EB408B31EEB9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A2AF9D8-59C2-4FDF-83BD-F45C4303C9B5} - System32\Tasks\EVGAPrecisionX => D:\PrecisionX_x64.exe
Task: {37699187-7920-43E5-9FAD-B8B0C88E0A4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {38F17724-C6F8-4970-9F79-F6DEE58B14F9} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-03] (ASUS)
Task: {41302165-645E-43D9-8646-081D858E604D} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {42ECCC87-E17F-4856-8BBD-4A6D84D3CAB6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {55362E45-9112-4065-8B3E-7ACE3A3F23EC} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {59DC418C-99ED-4D38-9953-7E46F81D46DD} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {5E043FA7-8251-42BB-9C91-DF0C452EA7FB} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {650F6345-2D86-48B4-A559-A7C87B94A294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {6ABDE848-0CDD-4CF7-9DD6-14B65C8D7315} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {78FA46C0-7D98-4A97-AA3A-8FDFB7556440} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-04] (Realtek Semiconductor)
Task: {8244B8A1-DA68-4C50-ABA2-DF16FC808CA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {84B219E7-2893-4EDD-A789-4EDA6D75052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CD29D13-B3A5-4CA5-AF02-16D3C54F1AC3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9EC62405-8742-4D0A-B73F-F65EFEC27A5D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9EEFF3FA-EE50-4985-A109-C6119375C70C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BE5CFF0B-2646-4E54-8376-4398C4FFA990} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {BF2756B0-A74B-49AD-936B-928757192F9A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BFF4B7CA-DDE5-49D0-B6A9-1A24E1FBC969} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
Task: {C2D9AC99-E573-49E1-B899-DB15872A6A85} - System32\Tasks\Java™ Platform SE Auto Updater 2 0 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {CDA3F42D-8603-452D-A513-B6099F22DCD0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-07-28] (AsusTek)
Task: {E44AF3DC-0903-4EF7-A1F0-D4E676807A0A} - System32\Tasks\{9B486D92-502B-4049-B2FC-9EB12C1FE0E8} => pcalua.exe -a "C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe" -d "C:\Program Files\ASUS\ASUS FlipLock"
Task: {E6EF3878-DACA-4C5F-ADFA-2D8B1DC863FB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-28] (ASUSTek Computer Inc.)
Task: {F7A4BE79-D8DD-4BFC-846F-08D7099315C0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-31 09:28 - 2015-07-31 09:28 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-10 19:00 - 2015-07-10 19:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-07-30 18:42 - 2015-07-14 01:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-19 17:02 - 2015-08-11 17:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-07-10 19:00 - 2015-07-10 19:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-07 22:52 - 2015-09-17 14:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-11-07 22:52 - 2015-09-17 14:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-11-07 22:52 - 2015-09-17 13:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-19 00:55 - 2015-11-25 12:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-19 00:56 - 2015-11-25 12:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-19 00:55 - 2015-11-25 12:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-07 22:52 - 2015-09-17 13:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-10 16:26 - 2015-11-10 16:26 - 00335360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\05a6d0e3a666ac8d0b38a6a290869c06\Windows.Foundation.ni.dll
2014-04-30 15:33 - 2014-04-30 15:33 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2015-05-21 16:40 - 2015-10-12 11:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4788 more sites.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS PC\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\best-wallpapers-of-2560-x-1600-landscape-fantasy-photo-best-wallpapers.jpg
HKU\S-1-5-21-2388969625-1933337250-1248866418-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 111.95.141.4 - 202.73.99.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Droid4XService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "ASUS HDD Protection Tray Application"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "emsisoft anti-malware"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "RemoteControl"
HKLM\...\StartupApproved\Run32: => "LanguageShortcut"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "TrojanScanner"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\StartupFolder: => "IDM 7.3 Crack (Internet Download Manager) Free Download.lnk"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Flutter"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "RocketDock"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "version_provider"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "SmartRAM"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Steganos VPN Proxy Handler"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "SOS_Agent"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Steganos VPN Local Proxy"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "SOS Browser Monitor"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_72489B4B318A01C250DB4ECD49090791"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-2388969625-1933337250-1248866418-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{6993ACC3-59CD-4000-85FE-1393E4801AD5}D:\games\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{909FF392-F425-4A64-B54B-F6C016A3D48B}D:\games\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [{1219C82E-F421-4207-8450-5286B399AD2A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0CC11774-EC5C-4948-BC1B-2E2812D3127A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A74E5D5E-1B19-432D-B6C2-1E82548D833D}D:\games\motogp 15\motogp15x64.exe] => (Allow) D:\games\motogp 15\motogp15x64.exe
FirewallRules: [UDP Query User{6F6BE5F7-D6B3-4B1E-AB06-A8E6BDB25F28}D:\games\motogp 15\motogp15x64.exe] => (Allow) D:\games\motogp 15\motogp15x64.exe
FirewallRules: [TCP Query User{22BE4875-6B0F-4CB4-A51A-D43DED7D003E}D:\games\mxgp\mxgp.exe] => (Allow) D:\games\mxgp\mxgp.exe
FirewallRules: [UDP Query User{6D39BE6A-474C-48B6-9FC4-A8087CF89BBB}D:\games\mxgp\mxgp.exe] => (Allow) D:\games\mxgp\mxgp.exe
FirewallRules: [{5D4E2C8D-4A5F-447E-9875-E08B9DEA156D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EA2187E-F0C2-4CE4-AF38-657F2C82B3BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48A3A53D-EDA7-43ED-9342-4AF43A7E87CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF1A951B-9556-4F4C-8539-4212A1E05464}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFBA19C3-5BCF-4176-A037-EF3684342EC6}] => (Allow) D:\Aplikasi\iTunes.exe
FirewallRules: [{78246F29-BC8D-4C26-BA4F-6DFF8343E241}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{39B7A782-28CF-4BD9-990D-04D167DCF3BC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{230A7BF1-2EC5-4065-B2F6-B3F26B9A3B23}] => (Allow) D:\GAMES\Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{3B369182-2E46-45D0-95C6-E4B745AB121A}] => (Allow) D:\GAMES\Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{00DEEA3D-A78D-4CC5-9A05-138ABA12B794}] => (Allow) D:\GAMES\Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{2163787C-ACAE-4DB1-B3D4-4415737CA3A1}] => (Allow) D:\GAMES\Splinter Cell Conviction\src\system\gu.exe
 
==================== Restore Points =========================
 
16-01-2016 05:18:59 Removed Microsoft Web Deploy 3.6
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2016 04:52:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/17/2016 04:47:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724
Exception code: 0x80000003
Fault offset: 0x0000000000151c4f
Faulting process id: 0x7e8
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (01/17/2016 04:47:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/17/2016 04:45:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/17/2016 04:45:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/17/2016 04:45:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/17/2016 04:36:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1250
 
Start Time: 01d1509d3acfb14f
 
Termination Time: 4294967295
 
Application Path: C:\Windows\explorer.exe
 
Report Id: cbf889c7-bc90-11e5-83f1-a6cf77c7f6bc
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/17/2016 04:35:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICKYLIM)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/17/2016 04:34:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1670
 
Start Time: 01d1509d4cb0b9d4
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 9524cf4d-bc90-11e5-83f1-acd1b84afe07
 
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Error: (01/17/2016 04:34:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: NICKYLIM)
Description: App Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI did not launch within its allotted time.
 
 
System errors:
=============
Error: (01/17/2016 04:52:14 AM) (Source: DCOM) (EventID: 10010) (User: NICKYLIM)
Description: MicrosoftEdge
 
Error: (01/17/2016 04:49:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error: 
%%2
 
Error: (01/17/2016 04:49:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the WinHTTP Web Proxy Auto-Discovery Service service which failed to start because of the following error: 
%%1058
 
Error: (01/17/2016 04:48:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/17/2016 04:48:03 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/17/2016 04:48:02 AM) (Source: DCOM) (EventID: 10005) (User: NICKYLIM)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/17/2016 04:48:02 AM) (Source: DCOM) (EventID: 10005) (User: NICKYLIM)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/17/2016 04:48:02 AM) (Source: DCOM) (EventID: 10005) (User: NICKYLIM)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/17/2016 04:48:01 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/17/2016 04:48:01 AM) (Source: DCOM) (EventID: 10005) (User: NICKYLIM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
 
CodeIntegrity:
===================================
  Date: 2016-01-16 22:04:53.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-16 22:04:52.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-16 22:04:52.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-16 22:04:52.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-16 22:04:52.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-16 22:04:52.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-16 05:40:34.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-15 11:56:53.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-15 11:56:52.206
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 53%
Total physical RAM: 3979.12 MB
Available physical RAM: 1832.8 MB
Total Virtual: 8331.12 MB
Available Virtual: 6136.16 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.49 GB) (Free:47.59 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:263.35 GB) (Free:18.37 GB) NTFS
Drive e: (Nicky) (Fixed) (Total:14.91 GB) (Free:14.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 34889F47)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: D7C85BA8)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
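An added example (not part of the original post and not FRST's own code) that triages the Code Integrity entries in the log above: it groups failed loads by module and lists files under \Windows\System32 or \Windows\SysWOW64 first, since a Windows component such as dnsapi.dll failing a signing-level check is the entry to follow up with SFC. The function names and the two category labels are assumptions of this example; the sample input is two entries in the layout of the log above.

```python
import re
from collections import Counter

# Sample input: two entries in the layout of the Addition.txt log above.
SAMPLE = r"""
Date: 2016-01-16 05:40:34.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 11:56:53.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
"""

EVENT = re.compile(
    r"Date:\s*(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+"
    r"Description: Code Integrity determined that a process \((?P<process>.+?)\) "
    r"attempted to load (?P<module>.+?) that did not meet the "
    r"(?P<level>.+?) signing level requirements\.")
VOLUME = re.compile(r"^\\Device\\HarddiskVolume\d+")
# Assumption of this example: modules in these directories ship with Windows.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

def strip_volume(path):
    """Drop the \\Device\\HarddiskVolumeN prefix so paths compare cleanly."""
    return VOLUME.sub("", path)

def parse_events(text):
    """Return one dict per Code Integrity entry: date, process, module, level."""
    events = []
    for m in EVENT.finditer(text):
        ev = m.groupdict()
        ev["process"] = strip_volume(ev["process"])
        ev["module"] = strip_volume(ev["module"])
        events.append(ev)
    return events

def triage(events):
    """Count failed loads per module; Windows components sort first."""
    counts = Counter(ev["module"] for ev in events)
    report = []
    for module, n in counts.items():
        in_system = module.lower().startswith(SYSTEM_DIRS)
        report.append({"module": module, "count": n,
                       "category": "windows-component" if in_system else "third-party"})
    report.sort(key=lambda r: (r["category"] != "windows-component", -r["count"]))
    return report

if __name__ == "__main__":
    for row in triage(parse_events(SAMPLE)):
        print(row)
```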


#11 Aura

Posted 16 January 2016 - 04:16 PM

Alright, the bsdriver service was successfully deleted. Now, we'll run FRST once more to delete the proxy that was set.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50098;https=127.0.0.1:50098
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;
Once this is done, we'll run SFC so Windows can replace the patched dnsapi.dll with a clean copy from the component store, and this should allow you to get back online.

System File Checker (SFC)
Follow the instructions below to run an SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right-click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

Finally, restart your computer and let me know if you can browse the web normally after.

This being said, your next reply should include:
  • Copy/pasted content of the FRST fixlog;
  • Download URL to the CBS.log after running SFC;
  • If you can browse the web normally after running SFC and restarting your computer;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 nickylim95


Posted 16 January 2016 - 04:42 PM

I already ran sfc /scannow as administrator. When it reached 27% of the verification phase it got stuck and said:

"windows resource protection could not perform the requested operation"

Here is my fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by ASUS PC (2016-01-17 05:22:46) Run:5
Running from C:\Users\ASUS PC\Desktop
Loaded Profiles: ASUS PC & nicky (Available Profiles: ASUS PC & nicky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50098;https=127.0.0.1:50098
*****************
 
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 05:22:52 ====


#13 Aura


Posted 16 January 2016 - 05:01 PM

If you ran SFC while the ShopperZ infection was still active on your system, it's normal that it might not have liked it and the operation failed. So did you run it before I posted the instructions to run SFC, or after?

This being said, please run SFC again using the instructions I provided above. Also, if SFC stops at a certain % of the scan (and gives you the error message you posted above, or another one), can you still upload the CBS.log after? It'll allow me to see why the scan hangs and can't continue.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 nickylim95


Posted 16 January 2016 - 11:26 PM

Sorry, I fell asleep.

I ran it after... no CBS... because it just stopped.

I haven't started the %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt

So do you want me to start it? Or how?

Because the sfc failed.

Just info: I already ran sfc before I posted my problem to this forum.

I already tested that sfc only runs in Safe Mode, thanks.


Edited by nickylim95, 16 January 2016 - 11:33 PM.


#15 Aura


Posted 17 January 2016 - 11:25 AM

You can run SFC in Safe Mode if you wish. Like I told you, it doesn't matter if the SFC scan doesn't go through, throws an error message and stops, or else. Once the SFC scan completes (successfully or not), you can run the command I gave you to get the cbs.txt file on your Desktop, and then upload it. With it, I'll be able to see why the SFC scan stops midway and why it cannot complete the operation.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




