
Getting redirected to ps4ux then india-zed.com when clicking at links


  • This topic is locked
18 replies to this topic

#1 Ugoki


Posted 03 November 2016 - 06:57 AM

Like the title said, when I clicked on a link, Chrome would sometimes open up a new tab, contents being the page I clicked the link at, while the old one turned into ps4ux then india-zed.com. And when I clicked a link on Google, I would always open a new tab, with the old tab sometimes staying as it is or turning into ps4ux. Doesn't happen if I clicked a link right when the page still loads though.
 
Using Chrome on Windows 7 64-bit. Already tried cleaning with Malwarebytes and HitmanPro to no avail. They detected a bunch of things but the problem is still not fixed. Tried the Junkware Removal by Malwarebytes but it keeps saying Permission Denied even though I've run it with admin rights. Dunno if the scan is successful.
 
I have no idea where I got this malware. I didn't download anything shady. It just came out a few days back out of nowhere.
 
It seems blocking all third-party cookies solves the problem temporarily. There are these two cookies that keep coming out no matter what the website is, titled connectionstrenth.com and urlvalidation.com. And I notice wherever the malware is active, Chrome will show it's blocking a pop-up page and an Adobe Flash Player from activating.
 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Mahisa (administrator) on MAHISA-PC (03-11-2016 17:45:52)
Running from C:\Users\Mahisa\Downloads
Loaded Profiles: Mahisa (Available Profiles: Mahisa & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
() C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(The OpenVPN Project) C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe
(The OpenVPN Project) C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpn.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Codeusa Software) E:\Borderless Gaming\BorderlessGaming.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Murray Hurps Software Pty Ltd) E:\Ad Muncher\AdMunch.exe
(Mega Limited) C:\Users\Mahisa\AppData\Local\MEGAsync\MEGAsync.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Murray Hurps Software Pty Ltd) E:\Ad Muncher\AdMunch64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
(Blizzard Entertainment) H:\Battle.net\Battle.net.8098\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1860120 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-30] (AVAST Software)
HKLM-x32\...\Run: [Ad Muncher] => E:\Ad Muncher\AdMunch.exe [560760 2015-08-11] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [3 2015-10-10] ()
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [429304 2013-04-09] (IVT Corporation)
HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe [9643265 2016-06-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {67b2f140-28f0-11e4-82b9-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {fd2a5893-1aae-11e4-85c2-806e6f6e6963} - D:\Run.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-21] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
Startup: C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2016-11-03]
ShortcutTarget: Borderless Gaming.lnk -> E:\Borderless Gaming\BorderlessGaming.exe (Codeusa Software)
Startup: C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-16]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Mahisa\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3103837576-1966484345-1073920839-1000] => 101.178.91.233:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BDCC07B0-928E-4489-9A2A-72FF3591CBB9}: [DhcpNameServer] 10.8.0.1
Tcpip\..\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-28] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-28] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-28] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-29] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-28] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-28] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3103837576-1966484345-1073920839-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3103837576-1966484345-1073920839-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-21]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-18]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-29] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default [2016-11-03]
CHR Extension: (Hide Fedora) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2016-03-27]
CHR Extension: (Google Drive) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MEGA) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-11-03]
CHR Extension: (PageExpand) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnobgdfhefpilajplncgjjeopakpepc [2016-08-01]
CHR Extension: (YouTube) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (AdBlock+) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2014-11-21]
CHR Extension: (OneTab) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-11]
CHR Extension: (uBlock Origin) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Clear Cache) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2015-10-01]
CHR Extension: (Tampermonkey) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-08]
CHR Extension: (Block site) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-08-09]
CHR Extension: (Imgur Uploader) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2016-06-11]
CHR Extension: (Word Count Tool) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2016-09-24]
CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2014-10-31]
CHR Extension: (Speed Dial 2) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-11]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-06-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (Nextvid Stopper for YouTube™) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgkhlpecokabjdphcgfakhegiacmoca [2016-01-03]
CHR Extension: (Foxish live RSS) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhdikhnaigcdlamenbgkmllgmfnngoi [2015-03-13]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-11-01]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-30]
CHR Extension: (4chan X) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2016-10-30]
CHR Extension: (Gmail) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-21] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3308544 2013-04-09] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [207096 2013-04-09] (IVT Corporation)
R2 dnscrypt-proxy; C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [597328 2016-07-31] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OpenVPNService; C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe [29920 2016-06-18] (The OpenVPN Project)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-21] (AVAST Software)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43128 2012-12-25] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-25] (Etron Technology Inc)
R3 hhdusbh64; C:\Windows\System32\DRIVERS\hhdusbh64.sys [43616 2015-10-30] (HHD Software Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25720 2013-01-05] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 se64a; C:\Windows\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-20] (Duplex Secure Ltd.)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
U3 axswt2f7; C:\Windows\System32\Drivers\axswt2f7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-03 17:45 - 2016-11-03 17:46 - 00033794 _____ C:\Users\Mahisa\Downloads\FRST.txt
2016-11-03 17:45 - 2016-11-03 17:45 - 02408960 _____ (Farbar) C:\Users\Mahisa\Downloads\FRST64.exe
2016-11-03 17:45 - 2016-11-03 17:45 - 00000000 ____D C:\FRST
2016-10-26 16:17 - 2016-10-26 16:17 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\FiraxisLive
2016-10-26 16:15 - 2016-10-26 16:15 - 00404832 _____ C:\Windows\Minidump\102616-115674-01.dmp
2016-10-26 16:08 - 2016-10-26 16:08 - 00000787 _____ C:\Users\Public\Desktop\Sid Meiers Civilization VI.lnk
2016-10-26 16:08 - 2016-10-26 16:08 - 00000787 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI.lnk
2016-10-25 18:47 - 2016-10-25 18:47 - 00846883 _____ C:\Users\Mahisa\Downloads\Decrypt9WIP-20161021-152223 (1).zip
2016-10-25 18:44 - 2016-10-25 18:44 - 02714560 _____ C:\Users\Mahisa\Downloads\JKSM.cia
2016-10-25 18:43 - 2016-10-25 18:43 - 00481984 _____ C:\Users\Mahisa\Downloads\JKSM_3DSX.zip
2016-10-25 13:06 - 2016-10-25 13:06 - 00000467 _____ C:\Users\Mahisa\Documents\allin.txt
2016-10-24 18:57 - 2016-10-26 16:14 - 927945219 ____N C:\Windows\MEMORY.DMP
2016-10-24 18:57 - 2016-10-24 18:57 - 00412928 _____ C:\Windows\Minidump\102416-29827-01.dmp
2016-10-24 00:18 - 2016-10-24 00:18 - 01741760 _____ C:\Users\Mahisa\Downloads\TitlekeysTools.cia
2016-10-24 00:13 - 2016-10-24 00:13 - 03220416 _____ C:\Users\Mahisa\Downloads\freeShop-2.1.3.cia
2016-10-24 00:05 - 2016-10-24 00:05 - 00889424 _____ C:\Users\Mahisa\Downloads\freeShop-master.zip
2016-10-23 05:31 - 2016-10-23 05:31 - 04696320 _____ C:\Users\Mahisa\Downloads\DQMTW_V1.1_Update.cia
2016-10-23 00:06 - 2016-10-23 00:06 - 00052768 _____ C:\Users\Mahisa\Downloads\2016-10-21 - (T)Dedas VS (Z)Soviet.SC2Replay
2016-10-22 22:25 - 2016-10-22 22:25 - 00000000 ____D C:\Users\Mahisa\AppData\Local\pip
2016-10-22 22:20 - 2016-10-22 22:20 - 07011593 _____ C:\Users\Mahisa\Downloads\PyQt5_gpl-5.7.zip
2016-10-22 22:16 - 2016-10-22 22:16 - 02100000 _____ C:\Users\Mahisa\Downloads\Pillow-3.4.2.win-amd64-py3.5.exe
2016-10-22 22:12 - 2016-10-22 22:12 - 00010890 _____ C:\Users\Mahisa\Downloads\image_mosaic_script_v5.py
2016-10-22 22:10 - 2016-10-22 22:11 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-10-22 22:10 - 2016-10-22 22:10 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Package Cache
2016-10-22 22:09 - 2016-10-22 22:09 - 29269656 _____ (Python Software Foundation) C:\Users\Mahisa\Downloads\python-3.5.2.exe
2016-10-22 21:53 - 2016-10-22 21:53 - 00000000 ____D C:\Users\Mahisa\.idlerc
2016-10-22 21:36 - 2016-10-22 21:36 - 10811768 _____ C:\Users\Mahisa\Downloads\Pillow-3.3.3.zip
2016-10-22 21:35 - 2016-10-22 21:35 - 01787367 _____ C:\Users\Mahisa\Downloads\Pillow-3.4.2.win32-py3.5.exe
2016-10-22 21:11 - 2016-10-22 21:12 - 08198265 _____ C:\Users\Mahisa\Downloads\EmuNAND9-20160919-134904.zip
2016-10-22 19:52 - 2016-10-22 19:52 - 00004500 _____ C:\Users\Mahisa\Downloads\fbi-2.4.2-injectable.torrent
2016-10-22 19:51 - 2016-10-22 19:51 - 00184388 _____ C:\Users\Mahisa\Downloads\DspDump.3dsx
2016-10-22 19:51 - 2016-10-22 19:51 - 00001102 _____ C:\Users\Mahisa\Downloads\aeskeydb.torrent
2016-10-22 19:50 - 2016-10-22 19:50 - 00138050 _____ C:\Users\Mahisa\Downloads\Hourglass9-20161021-152615.zip
2016-10-22 19:49 - 2016-10-22 19:49 - 00216346 _____ C:\Users\Mahisa\Downloads\Luma3DSv6.3.1.7z
2016-10-22 19:48 - 2016-10-22 19:48 - 02512529 _____ C:\Users\Mahisa\Downloads\FBI.zip
2016-10-22 19:47 - 2016-10-22 19:47 - 01234319 _____ C:\Users\Mahisa\Downloads\lumaupdater-1.4.2.zip
2016-10-22 19:47 - 2016-10-22 19:47 - 01019840 _____ C:\Users\Mahisa\Downloads\lumaupdater.cia
2016-10-22 19:46 - 2016-10-22 19:46 - 00206465 _____ C:\Users\Mahisa\Downloads\hblauncher_loader_v1.2 (1).zip
2016-10-22 19:45 - 2016-10-22 19:45 - 00009214 _____ C:\Users\Mahisa\Downloads\release.7z
2016-10-22 19:44 - 2016-10-22 19:44 - 00002633 _____ C:\Users\Mahisa\Downloads\data_input_v3.torrent
2016-10-22 19:42 - 2016-10-22 19:42 - 00098988 _____ C:\Users\Mahisa\Downloads\SafeA9LHInstallerv2.0.3.7z
2016-10-22 19:39 - 2016-10-22 19:41 - 04783545 _____ C:\Users\Mahisa\Downloads\starter (2).zip
2016-10-22 19:31 - 2016-10-22 20:26 - 00000000 ____D C:\Users\Mahisa\Desktop\New folder
2016-10-22 18:40 - 2016-10-22 18:40 - 00029389 _____ C:\Users\Mahisa\Downloads\2.1.0-4U_ctrtransfer_o3ds.torrent
2016-10-22 17:35 - 2016-10-22 17:35 - 00846883 _____ C:\Users\Mahisa\Downloads\Decrypt9WIP-20161021-152223.zip
2016-10-22 17:35 - 2016-10-22 17:35 - 00206465 _____ C:\Users\Mahisa\Downloads\hblauncher_loader_v1.2.zip
2016-10-22 17:11 - 2016-10-22 17:11 - 04783545 _____ C:\Users\Mahisa\Downloads\starter (1).zip
2016-10-22 12:33 - 2016-10-22 12:33 - 00097788 _____ C:\Users\Mahisa\Downloads\ioritree%27s 3DS NTR CFW Trainer 20161016.rar
2016-10-22 02:34 - 2016-10-22 02:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-10-22 02:16 - 2016-10-22 02:16 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\TeamViewer
2016-10-22 02:03 - 2016-10-22 02:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-22 02:02 - 2016-10-22 02:02 - 11579432 _____ (SurfRight B.V.) C:\Users\Mahisa\Downloads\hitmanpro_x64.exe
2016-10-22 01:47 - 2016-10-22 01:47 - 00003928 _____ C:\Users\Mahisa\Desktop\Rkill.txt
2016-10-22 01:46 - 2016-10-22 01:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mahisa\Downloads\rkill.com
2016-10-22 01:04 - 2016-10-22 01:04 - 01631928 _____ (Malwarebytes) C:\Users\Mahisa\Downloads\JRT.exe
2016-10-22 00:47 - 2016-10-22 00:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-22 00:46 - 2016-10-22 00:46 - 22851472 _____ (Malwarebytes ) C:\Users\Mahisa\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-22 00:40 - 2016-10-22 00:42 - 00000000 ____D C:\AdwCleaner
2016-10-22 00:40 - 2016-10-22 00:40 - 03910208 _____ C:\Users\Mahisa\Downloads\adwcleaner_6.030.exe
2016-10-21 20:11 - 2016-10-21 20:11 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2016-10-21 20:10 - 2016-10-21 20:10 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-21 20:10 - 2016-10-21 20:10 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-20 21:45 - 2016-10-20 21:45 - 00278933 _____ C:\Users\Mahisa\Downloads\speedfly-3ds-trainer-v20161018.zip
2016-10-19 22:12 - 2016-10-19 22:12 - 00971882 _____ C:\Users\Mahisa\Downloads\Gateshark2NTR V1.1.zip
2016-10-19 21:49 - 2016-10-19 21:49 - 00413435 _____ C:\Users\Mahisa\Downloads\menuCheat.zip
2016-10-19 21:49 - 2016-10-19 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro
2016-10-19 21:48 - 2016-10-19 21:49 - 00000000 ____D C:\devkitPro
2016-10-19 21:41 - 2016-10-19 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-10-19 21:39 - 2016-10-19 21:39 - 18636800 _____ C:\Users\Mahisa\Downloads\python-2.7.11.msi
2016-10-19 21:37 - 2016-10-19 21:40 - 00000000 ____D C:\Python27
2016-10-19 21:37 - 2016-10-19 21:38 - 00266480 _____ C:\Users\Mahisa\Downloads\devkitProUpdater-1.6.0.exe
2016-10-19 21:36 - 2016-10-19 21:36 - 19550208 _____ C:\Users\Mahisa\Downloads\python-2.7.11.amd64.msi
2016-10-19 17:22 - 2016-10-19 17:22 - 00000612 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-10-12 07:03 - 2016-10-12 07:03 - 00007333 _____ C:\Users\Mahisa\Downloads\Littlewitch.CT
2016-10-12 07:01 - 2016-10-12 07:01 - 00004276 _____ C:\Users\Mahisa\Downloads\Littlewitch.editio.perfecta.CT
2016-10-08 21:56 - 2016-10-08 21:56 - 07316767 _____ (Michael Fogleman ) C:\Users\Mahisa\Downloads\feed-notifier-2.6.exe
2016-10-06 12:59 - 2016-10-06 12:59 - 00000216 _____ C:\Users\Mahisa\Desktop\Littlewitch Romanesque Editio Regia.url
2016-10-06 12:01 - 2016-11-03 17:29 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-03 17:36 - 2016-02-18 21:45 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Battle.net
2016-11-03 17:24 - 2009-07-14 11:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-03 17:24 - 2009-07-14 11:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-03 17:23 - 2015-05-23 04:13 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Greenshot
2016-11-03 17:23 - 2014-08-02 18:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-03 17:16 - 2014-08-27 11:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-03 17:16 - 2013-04-09 10:35 - 00001292 _____ C:\Windows\SysWOW64\bscs.ini
2016-11-03 17:16 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-03 12:48 - 2014-08-02 18:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-01 19:44 - 2009-07-14 12:13 - 00801706 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 19:44 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2016-10-30 19:24 - 2014-08-02 18:28 - 00000000 ____D C:\Users\Mahisa\AppData\Local\ElevatedDiagnostics
2016-10-30 19:24 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-30 19:22 - 2014-08-02 18:08 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Google
2016-10-27 19:30 - 2016-01-11 00:02 - 00000000 ____D C:\Users\Mahisa\Documents\StarCraft II
2016-10-27 03:49 - 2014-08-02 18:08 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-27 03:49 - 2014-08-02 18:08 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-26 16:16 - 2014-08-21 07:59 - 00000000 ____D C:\Users\Mahisa\Documents\My Games
2016-10-26 16:15 - 2014-08-18 19:02 - 00000000 ____D C:\Windows\Minidump
2016-10-26 16:12 - 2015-09-25 23:58 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\qBittorrent
2016-10-24 16:03 - 2009-07-14 12:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-22 22:11 - 2014-08-02 20:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-22 21:53 - 2014-08-02 18:00 - 00000000 ____D C:\Users\Mahisa
2016-10-22 02:34 - 2016-07-22 22:03 - 00000000 ____D C:\Users\Mahisa\Desktop\newdnscript
2016-10-22 01:01 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SchCache
2016-10-22 00:49 - 2016-02-09 21:16 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455027374
2016-10-21 20:11 - 2014-08-14 10:47 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-10-21 20:11 - 2014-08-14 10:47 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-10-21 20:11 - 2014-08-14 10:47 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-21 20:11 - 2014-08-14 10:47 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-10-21 20:10 - 2016-02-09 18:05 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147705551380707
2016-10-21 20:10 - 2014-08-14 10:47 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147705551411810
2016-10-21 20:10 - 2014-08-14 10:47 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147705551539712
2016-10-21 20:10 - 2014-08-14 10:47 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-21 20:10 - 2014-08-14 10:46 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-19 22:15 - 2016-08-24 12:39 - 00000000 ____D C:\Users\Mahisa\AppData\Local\CrashDumps
2016-10-19 22:03 - 2016-02-07 01:58 - 00597952 _____ C:\Users\Mahisa\Downloads\BootNTR.cia
2016-10-19 21:41 - 2015-12-19 20:02 - 00002028 _____ C:\Users\Mahisa\Downloads\devkitProUpdate.ini
2016-10-17 01:03 - 2016-06-11 22:13 - 00000000 ____D C:\Users\Mahisa\Documents\My Kindle Content
2016-10-13 12:45 - 2016-08-18 21:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 12:44 - 2016-08-18 21:18 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-10-13 12:44 - 2016-08-18 21:18 - 00001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-10-13 12:44 - 2016-08-18 21:17 - 00001406 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-10-13 12:44 - 2015-02-28 13:42 - 00001418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-10-06 12:59 - 2014-10-17 22:06 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== Files in the root of some directories =======
 
2016-08-22 12:53 - 2016-08-22 12:53 - 0001456 _____ () C:\Users\Mahisa\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-16 19:35 - 2015-06-16 19:35 - 0000094 _____ () C:\Users\Mahisa\AppData\Local\fusioncache.dat
2015-09-26 10:03 - 2015-09-26 10:03 - 0000218 _____ () C:\Users\Mahisa\AppData\Local\recently-used.xbel
2014-08-19 22:48 - 2015-05-10 04:28 - 0007597 _____ () C:\Users\Mahisa\AppData\Local\Resmon.ResmonCfg
2015-06-09 18:34 - 2015-06-09 18:34 - 0002644 _____ () C:\ProgramData\regid.2008-12.com.digitalconfidence_D87FC884-18AD-43AB-AC37-14B76BA62203.swidtag
 
Some files in TEMP:
====================
C:\Users\Mahisa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mahisa\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\libeay32.dll
C:\Users\Mahisa\AppData\Local\Temp\mirc736.exe
C:\Users\Mahisa\AppData\Local\Temp\msvcr120.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStInst.exe
C:\Users\Mahisa\AppData\Local\Temp\QuickSupport.exe
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s13g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s16o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s1us.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s2s0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s3v8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s40c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s4rs.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5fk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5t4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s66o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6p4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6s4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7jk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7no.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7rc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7uc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s84c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s860.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8jg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8r8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9gc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9pg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9r0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sa0s.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb2c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb98.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sbic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_spo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s1ls.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s2vc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s57g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6d0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ok.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s77k.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7eo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8b0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8oc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8vo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s91c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s988.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9co.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9m0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sa04.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sadk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sae0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_san8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_saog.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sb14.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbbg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbdo.dll
C:\Users\Mahisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Mahisa\AppData\Local\Temp\SRLDetectionLibrary6110100364183381549.dll
C:\Users\Mahisa\AppData\Local\Temp\TwitchDown.exe
C:\Users\Mahisa\AppData\Local\Temp\_is4F5C.exe
C:\Users\Mahisa\AppData\Local\Temp\{E36B1FD8-D2A2-4C8C-AA27-12944AAFB87A}.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-25 00:14
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Mahisa (03-11-2016 17:46:28)
Running from C:\Users\Mahisa\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-02 11:00:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3103837576-1966484345-1073920839-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3103837576-1966484345-1073920839-1004 - Limited - Enabled)
Guest (S-1-5-21-3103837576-1966484345-1073920839-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3103837576-1966484345-1073920839-1002 - Limited - Enabled)
Mahisa (S-1-5-21-3103837576-1966484345-1073920839-1000 - Administrator - Enabled) => C:\Users\Mahisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"BioShock Infinite" (HKLM-x32\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
«Dishonored - GOTY Edition» 1.4.1.0 (HKLM-x32\...\«Dishonored - GOTY Edition»_is1) (Version: 1.4.1.0 - Arkane Studios)
«Homeworld Remastered Collection» 1.2.0.0 (HKLM-x32\...\«Homeworld Remastered Collection»_is1) (Version: 1.2.0.0 - Gearbox)
Action Replay PowerSaves 3DS version 1.42 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.42 - Datel Design & Development)
Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF00}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Assassin's Creed (HKLM-x32\...\Assassin's Creed_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BatchPurifier (HKLM-x32\...\{94BB283B-5431-4093-8900-69633405FD05}) (Version: 7.00.0000 - Digital Confidence)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blood Haze (HKLM-x32\...\Blood Haze) (Version: - )
BlueSoleil 9.2.422.1 (HKLM\...\{8AE22409-C267-4D70-A0A0-9A244CEB8942}) (Version: 9.2.422.1 - IVT Corporation)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 7.9 - Codeusa Software)
calibre 64bit (HKLM\...\{9152084E-DEE6-4908-93D0-DC2227FEACB5}) (Version: 2.62.0 - Kovid Goyal)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - )
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
devkitProUpdater 1.6.0 (HKLM-x32\...\devkitProUpdater) (Version: 1.6.0 - devkitPro)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dragonball Xenoverse Bundle Edition (HKLM-x32\...\Dragonball Xenoverse Bundle Edition_is1) (Version: - )
Empire Earth Gold Edition (HKLM-x32\...\Empire Earth Gold Edition_is1) (Version: - GOG.com)
Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta) (HKLM-x32\...\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)1.15.0.3s) (Version: 1.15.0.3s - Friends in War)
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Patch v1.8 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.8 - )
Fallout 4 v.1.1.30 (HKLM-x32\...\Fallout 4_is1) (Version: - )
Fallout New Vegas 1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
FreePandoraDownloader 3.0.0 (HKLM-x32\...\49E98237-A151-452b-809D-1D057CF1A4D9_is1) (Version: - SneakyStreams.com)
Game Launcher version 3.2.1.7 (HKLM-x32\...\{31D22D10-7FD2-401B-8AEA-D20A1A9A440E}_is1) (Version: 3.2.1.7 - Eikester)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - )
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Gravity Ghost (HKLM-x32\...\R3Jhdml0eUdob3N0_is1) (Version: 1 - )
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HHD Software Free USB Analyzer 7.26 (HKLM\...\HHD Device Monitoring Studio 5.01) (Version: 7.26.0.6304 - HHD Software, Ltd.)
HydraIRC (HKLM-x32\...\HydraIRC) (Version: 0.3.165 - Hydra Productions)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Littlewitch Romanesque: Editio Regia (HKLM\...\Steam App 349300) (Version: - Littlewitch)
Lords of the Fallen (HKLM-x32\...\{F3DFAE55-83E3-4BD4-9311-B5AB0C16EFD9}_is1) (Version: - CI Games)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth. Shadow of Mordor, 粢・ 1.0.0.0 (HKLM-x32\...\Middle-earth. Shadow of Mordor_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Minecraft1.7.8 (HKLM-x32\...\Minecraft1.7.8) (Version: - )
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Monitor Asset Manager (HKLM-x32\...\{AD0BBBFD-C5E9-4214-A863-E83313D67C0C}_is1) (Version: - EnTech Taiwan)
Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Oracle VM VirtualBox 5.0.14 (HKLM\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Pillars of Eternity: Royal Edition (HKLM-x32\...\Pillars of Eternity: Royal Edition_is1) (Version: - )
Planescape Torment (HKLM-x32\...\Planescape Torment_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.5 Pillow-3.4.2 (HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\Pillow-py3.5) (Version: - )
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Shovel Knight_is1) (Version: - )
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Simple DNSCrypt (HKLM-x32\...\{C0C0E944-6D87-4F0E-9446-3283A4A662A8}) (Version: 0.3.6 - bitbeans)
SmartOCR Lite Edition 1.0 (HKLM-x32\...\{12905F20-5A31-499A-9463-71E5C3EF950B}) (Version: 1.0.70 - Smart Reading)
SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Super Mario World: Dark Horizon (HKLM-x32\...\Super Mario World: Dark Horizon) (Version: - )
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.1.0.2 - GOG.com)
The Beginner's Guide (HKLM-x32\...\The Beginner's Guide_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
The Magic Circle (HKLM-x32\...\The Magic Circle_is1) (Version: - )
The Turing Test (HKLM-x32\...\The Turing Test_is1) (Version: - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
The Witcher 3 Wild Hunt v.1.0.3 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - )
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.21.0.0 - GOG.com)
Tixati (HKLM-x32\...\tixati) (Version: - )
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Valiant Hearts The Great War (HKLM-x32\...\Valiant Hearts The Great War_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version: - )
Victoria 2 Heart of Darkness (HKLM-x32\...\Victoria 2 Heart of Darkness1) (Version: 1 - Friends in War)
Victoria II: Heart of Darkness version 3.03 (HKLM-x32\...\Victoria II: Heart of Darkness_is1) (Version: 3.03 - Paradox Interactive)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.8.1.6658 - Golden Frog, GmbH.)
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein The New Order ver. 1.0.0.2 (HKLM-x32\...\{55055055-10AE-00BA-96F5-98DD6F3006AC}_is1) (Version: 1.0.0.2 - Bethesda Game Studios)
Wondershare Filmora(Build 6.6.0) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)
XInput GamePad Support Mod version 2.9.1 (HKLM-x32\...\{BB8DBD35-0E49-4D9F-B23B-AB3C5BB3439C}_is1) (Version: 2.9.1 - Meowmaritus)
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Youku Downloader(xmlbar)(remove only) (HKLM-x32\...\Xmlbar YoukuDownloader) (Version: - )
ZenVPN (HKLM-x32\...\ZenVPN) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DCFFC82-CADC-4672-8331-FDB63773549A} - System32\Tasks\{C24CFF7E-BBA7-4CA2-878F-2C1DF4F507BA} => E:\Pcsx-R\pcsxr.exe [2015-12-19] (hxxp://pcsxr.codeplex.com/)
Task: {2BA011D3-A28D-464B-9F4B-6644A3A0B5F6} - System32\Tasks\{404A85D5-434A-4FE6-8CEF-2E1826BD4C98} => E:\Fallout New Vegas\FalloutNV.exe [2011-10-18] (Bethesda Softworks)
Task: {2F5464F8-9801-4607-8D43-9230DDDAD05F} - System32\Tasks\{5F0A474D-5860-46C4-9F43-A7F7F4566AC3} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2F8D9540-C99C-4F48-9DDC-E1E0CD2BC270} - System32\Tasks\{CC184604-3EDE-4B25-A62C-D2790DF3A127} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {73C4DB93-49E8-4D28-A5F9-D6303525FAF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {740BA3AE-E252-4562-AD81-95D58F6F5812} - System32\Tasks\SafeZone scheduled Autoupdate 1455027374 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {77914015-8F1C-4E06-8DCA-1A58043193DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CDB51B9F-7C00-4FDC-9FE5-3DAA4A77B6D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-21] (AVAST Software)
Task: {DE6F1EF0-3EEB-458D-B471-AA9652C277D6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-16] (AVAST Software)
Task: {E23AEC1A-B3E8-4FC2-A04C-50F6B9511103} - System32\Tasks\{974E0B6B-9E72-43D9-8C70-E71B148BEECF} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F9A5CD56-918F-4834-9CFC-D367594499F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Mahisa\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) ==============

2013-04-09 11:00 - 2013-04-09 11:00 - 00268536 _____ () C:\Windows\system32\IVTCredentialProvider.DLL
2013-04-09 10:59 - 2013-04-09 10:59 - 00029432 _____ () C:\Windows\system32\BsTrace.dll
2014-08-27 11:54 - 2016-08-11 18:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-09 10:59 - 2013-04-09 10:59 - 00029432 _____ () C:\Windows\System32\BsTrace.dll
2016-07-31 11:02 - 2016-07-31 11:02 - 00597328 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
2016-08-24 07:27 - 2016-01-12 11:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-04-09 10:58 - 2013-04-09 10:58 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
2014-05-01 21:13 - 2016-07-21 17:27 - 00592384 _____ () C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll
2014-08-02 18:11 - 2013-09-13 23:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-06-18 17:42 - 2016-06-18 17:42 - 09643265 _____ () C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
2016-10-21 20:10 - 2016-10-21 20:10 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-03 12:11 - 2016-11-03 12:11 - 03126672 _____ () C:\Program Files\AVAST Software\Avast\defs\16110201\algo.dll
2016-10-21 20:10 - 2016-10-21 20:10 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-31 11:03 - 2016-07-31 11:03 - 00700832 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libsodium-18.dll
2016-07-31 11:03 - 2016-07-31 11:03 - 00130904 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libgcc_s_dw2-1.dll
2016-06-18 17:42 - 2016-06-18 17:42 - 00174448 _____ () C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\liblzo2-2.dll
2016-06-18 17:42 - 2016-06-18 17:42 - 00112040 _____ () C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\libpkcs11-helper-1.dll
2014-08-02 18:10 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-06 21:22 - 2016-01-12 11:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-10 04:01 - 2016-07-10 04:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-21 17:26 - 2016-07-21 17:26 - 00482304 _____ () C:\Users\Mahisa\AppData\Local\MEGAsync\libsodium.dll
2013-04-09 10:59 - 2013-04-09 10:59 - 00158456 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-05-01 21:15 - 2016-07-21 17:27 - 00564224 _____ () C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll
2016-10-27 03:49 - 2016-10-20 15:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-27 03:49 - 2016-10-20 15:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2013-04-09 10:31 - 2013-04-09 10:31 - 00019456 _____ () C:\Windows\SysWOW64\BsTrace.dll
2016-10-26 02:57 - 2016-10-24 11:03 - 17771200 _____ () C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [294]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2015-02-28 13:37 - 00001699 ____A C:\Windows\system32\Drivers\etc\hosts

162.159.240.99 kissanime.com
50.23.213.210 www.memecenter.com
188.132.173.60 i20.mangareader.net127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 127.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D375D9B1-9262-4F61-85E2-3C582871C1A9}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{2EF3EBE3-5CD7-4879-ADBC-E0325432C3B5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{22CDE263-EBB6-4786-A009-BC230297A69F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{93EEA5BD-0211-4F73-BB78-3D3AB7824BA0}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{4695A371-C017-49A2-BED5-370F494B80A8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{EC58CA1B-0883-41AC-8C13-3F4EAFAD7CCB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F0DA46FB-1349-4DA2-8F18-D2CAD0AB34A5}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{1A096E06-C6DF-4C86-BBF8-73643109CA49}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [{C91A3D3B-B67E-4AAF-AA2E-183965D4E9CB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CA9709B-76BE-4692-8570-6B5FFA55E366}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{85ED93C9-E47E-48E9-9C95-B4968251C291}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8C212B62-9743-47FC-B6CF-7C124A3809A9}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{209B5FC3-1071-43D6-81B4-825C35C7FB0A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{F1ABE94B-E63F-4C59-9770-9FEA51D2BF2D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{690D8C35-438A-465B-A476-B0F4CF6C2F04}C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe] => (Allow) C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe
FirewallRules: [UDP Query User{2B6D07F3-8467-4B41-A26E-5CD7FA526D1D}C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe] => (Allow) C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe
FirewallRules: [TCP Query User{616043F8-1C94-492B-8FC2-D6600568A02F}C:\program files\intel\intel® rapid storage technology\iastoricon.exe] => (Allow) C:\program files\intel\intel® rapid storage technology\iastoricon.exe
FirewallRules: [UDP Query User{DA6C8644-769D-4C14-83E1-CCF1169955C3}C:\program files\intel\intel® rapid storage technology\iastoricon.exe] => (Allow) C:\program files\intel\intel® rapid storage technology\iastoricon.exe
FirewallRules: [{302FFFE7-C521-4BF7-866A-4C2ABAF61795}] => (Allow) E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{5BB6CC33-4FC0-417F-9560-610C5FC4005F}] => (Allow) E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{9D601C9E-B10F-4174-8D93-9E4680908DAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{787F2F97-85B1-4DB3-B276-4F4EB6A55903}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{C27062E8-FBB5-4944-B8F1-DFEC6FE2B3E5}E:\call of duty - black ops 2\t6sp.exe] => (Allow) E:\call of duty - black ops 2\t6sp.exe
FirewallRules: [UDP Query User{B108FA68-5418-4BCE-8EDF-5110575A5613}E:\call of duty - black ops 2\t6sp.exe] => (Allow) E:\call of duty - black ops 2\t6sp.exe
FirewallRules: [TCP Query User{B123AF40-608C-4056-A54A-4E783CEAEFD0}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [UDP Query User{DF3502EF-D471-4C47-84CC-1F9F45E0B40D}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [TCP Query User{3276FEC3-D541-4831-9BA7-F87FEC371313}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [UDP Query User{A5728639-94C8-4841-BDF6-6279607DB012}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [TCP Query User{5BD1A1B0-3C1D-4E1F-854A-1427F992813E}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
FirewallRules: [UDP Query User{5190F8B8-91FF-4D47-966E-8616C2D5CEC2}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
FirewallRules: [{517DC179-BD12-4BAD-9FCD-6CBD48FE23F4}] => (Allow) E:\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{A45C10F2-3F0F-47C9-BF1C-3B57D91966A8}] => (Allow) E:\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{904136AB-3D42-4A8F-B4A1-F8ABFA3EB161}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CBA0280B-789C-4254-B547-83A3870705D3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{11E9B88B-7315-43F2-BA9F-90AFEEC9A88C}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{1638C232-4C5C-45A1-80A0-0A8B43ADA2E0}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{33485F74-4B06-496E-87AF-9ABAEDE1F7D3}] => (Allow) E:\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{B9D49D04-A7C8-4FB1-8004-A3455FDFAD0B}] => (Allow) E:\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{E3715510-84EF-426F-A0D3-8BA71D5F4E59}] => (Allow) E:\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{E8D466D1-F8B0-49A3-9BFB-6015D2EB1674}] => (Allow) E:\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{1ABD50F9-70FB-4C12-AB96-9B68DF282BCF}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{AFADBFFE-3249-4A8B-9BCE-30806C3FCE35}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{6B339A7D-2435-453A-BDB9-CB68D50DB775}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{9AF5E521-ADD5-4370-84EC-9DD8CAB7059E}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{919EC0B1-9D7B-41DC-95A4-49AED67440B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{55B20887-F4CE-4964-8F59-3B5A5C9D7783}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{795C76A5-5CB6-4AF7-AC6C-ED4D01F0BA1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{029F930E-09D0-4F1B-8A00-3DF5AD3CF670}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{285D9D3A-EE7A-41D9-A24B-315FA0CAFE56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{35C57B36-C010-4BD2-BA32-17486B827EB5}] => (Allow) E:\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{ECCACEAA-3134-4AC8-B008-5D90B517A7D5}] => (Allow) E:\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{3BB38A10-FBF0-4A91-8451-A9672CC448CF}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0521CF17-C4C7-448C-ADD4-9BC1537F542B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{70268215-3025-4658-B901-EE32840906C9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{13440E8C-0573-403E-B096-348E9A92DCA4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D8E74935-0B75-4C14-B5D1-EDA46E647804}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{F65F977F-B61A-4B40-B0AD-4B81B2391742}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{CBCC260F-77C1-4BAE-AF0E-4C239E81DB49}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{B579E6AB-9036-4332-A9F9-D2953063C267}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{0C2E9EEA-4006-4E5E-A42C-3C7DA58F3FEB}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{DD22D97D-9F45-4DB3-AD98-A70FC2FE8DEE}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{D1A54D0C-B1C8-43C7-9E37-860BC8DAFA7D}] => (Allow) E:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{9C9EB2CA-B78A-4443-B806-471C0A3FC419}] => (Allow) E:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{E57FE2FD-AB80-44A6-9B1F-A59389302457}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{26895345-D87B-4EA0-AF30-64D49F75D0A2}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{A25CB2D4-1611-4F9A-854A-A6F29AB2EDD5}E:\starcraft ii\support64\sc2editor_x64.exe] => (Allow) E:\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{6DBB40A1-B19B-4BBF-A4E8-88AAA15BA4F2}E:\starcraft ii\support64\sc2editor_x64.exe] => (Allow) E:\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{906C4246-FDEB-4FF3-9151-043BF25538E5}] => (Allow) E:\StarCraft II\Versions\Base38996\SC2.exe
FirewallRules: [{7582BD09-62CD-4365-BFA7-E109968E23D0}] => (Allow) E:\StarCraft II\Versions\Base38996\SC2.exe
FirewallRules: [{82F2F9F0-C9EA-4C63-BB28-23503FC9EA17}] => (Allow) E:\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E77CC0A7-8280-48E7-947E-5EB80CB9A97A}] => (Allow) E:\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [TCP Query User{C6854D43-6E03-4B6D-9241-A1B930FDDF41}E:\starcraft ii\support\sc2editor.exe] => (Allow) E:\starcraft ii\support\sc2editor.exe
FirewallRules: [UDP Query User{CED00326-48DD-477A-BEEB-687C7CEC8D5C}E:\starcraft ii\support\sc2editor.exe] => (Allow) E:\starcraft ii\support\sc2editor.exe
FirewallRules: [{D79D3230-235F-43D8-AC00-E4650A0A8195}] => (Allow) E:\StarCraft II\Versions\Base41743\SC2_x64.exe
FirewallRules: [{BE540F83-53C6-4A68-A348-899D60A09911}] => (Allow) E:\StarCraft II\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{E8C70047-AC7A-4C7E-9D33-F02158FF0507}C:\program files (x86)\hydrairc\hydrairc.exe] => (Allow) C:\program files (x86)\hydrairc\hydrairc.exe
FirewallRules: [UDP Query User{BCF9E6FD-DCCA-4830-B862-D9A415D47AF0}C:\program files (x86)\hydrairc\hydrairc.exe] => (Allow) C:\program files (x86)\hydrairc\hydrairc.exe
FirewallRules: [{5DC6E0CF-E484-4FC0-8B0A-DF0A00B27B82}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2_x64.exe
FirewallRules: [{75FAB449-94C3-4B01-A194-F5741505FF4C}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2_x64.exe
FirewallRules: [{4E7CE0CC-CEEC-4270-BD58-50400B588382}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2.exe
FirewallRules: [{E2303D84-437E-4E2A-BFC9-AE5729061078}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2.exe
FirewallRules: [{0ED75C15-B4D5-4A9B-8D3D-16C257159A0A}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [{288F93F7-A87C-497E-8D29-4184D24F9811}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [{158A12F0-5BB8-49D9-A104-83E977163BB4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8E8961A-B282-4F61-9401-CBDBD77A1409}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D2CC316B-B86A-46CA-B509-6B164A995519}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2_x64.exe
FirewallRules: [{9217CA92-B7F0-457E-9FEC-5C74D96BFD85}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2_x64.exe
FirewallRules: [{6CF2047D-2536-4655-AE35-C27B1C2B73B9}] => (Allow) E:\StarCraft II\Versions\Base43478\SC2_x64.exe
FirewallRules: [{C07DDA33-395B-4EB1-A129-647400464B61}] => (Allow) E:\StarCraft II\Versions\Base43478\SC2_x64.exe
FirewallRules: [{784CC263-3D18-4F57-BB35-5B2D0633DD40}] => (Allow) E:\StarCraft II\Versions\Base44401\SC2_x64.exe
FirewallRules: [{4D81CC25-E83F-4288-805E-5EE9AF02F539}] => (Allow) E:\StarCraft II\Versions\Base44401\SC2_x64.exe
FirewallRules: [TCP Query User{E18B0B98-18CB-489C-BE28-14960687BC3A}C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe] => (Allow) C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe
FirewallRules: [UDP Query User{CB4DA1F7-5806-4D09-8A67-DF4DC3FA2640}C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe] => (Allow) C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe
FirewallRules: [{A4FBB6C4-5E79-421D-910B-404705C916ED}] => (Allow) E:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [{F6F5630F-5442-4586-B3D5-173CBA47D0FD}] => (Allow) E:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [TCP Query User{4694FC58-88DB-4651-BFFB-9F465E60401B}E:\empire earth gold edition\empire earth\empire earth.exe] => (Block) E:\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [UDP Query User{7DED4C95-7713-4FFA-81DA-4302607A4420}E:\empire earth gold edition\empire earth\empire earth.exe] => (Block) E:\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [{E2C7857A-CBB4-4CC0-9DB4-5341ECBBB6CB}] => (Allow) C:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{94EE4CDD-789A-4B0E-8407-6E216B8C2F69}] => (Allow) C:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{77596719-272F-47DD-BB0F-5D3BC5A0D1F9}] => (Allow) G:\Program Files\Steam\Steam.exe
FirewallRules: [{EDBD2000-39CF-498A-8720-5BCFAD62B8C0}] => (Allow) G:\Program Files\Steam\Steam.exe
FirewallRules: [{DCF64B88-2005-4D56-A695-60645D9F1B17}] => (Allow) G:\Program Files\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{BE3651CA-C9B8-43A3-9F25-D35D3BD69976}] => (Allow) G:\Program Files\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{660C5D4D-D27D-4319-AF47-225BD2196BD2}] => (Allow) H:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [{697031EE-2061-421A-A820-B21E990238C7}] => (Allow) H:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [{A8ED5D16-D9DD-4A24-AD0A-E810A4B193E6}] => (Allow) H:\StarCraft II\Versions\Base46154\SC2_x64.exe
FirewallRules: [{3E7C8354-5BAB-4AD8-95F9-006AFBDCE01D}] => (Allow) H:\StarCraft II\Versions\Base46154\SC2_x64.exe
FirewallRules: [{6F4FEABD-90DB-40F0-B755-AC3F482F5C4B}] => (Allow) G:\Program Files\Steam\steamapps\common\Littlewitch Romanesque Editio Regia\Littlewitch.exe
FirewallRules: [{28960E8F-E0DB-41AA-B7B1-17FE3A36B08C}] => (Allow) G:\Program Files\Steam\steamapps\common\Littlewitch Romanesque Editio Regia\Littlewitch.exe
FirewallRules: [{0A93BB37-CD43-4570-9118-50E5712B872B}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2_x64.exe
FirewallRules: [{933F85A6-8E41-4293-BAC5-F4E3A997221D}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2_x64.exe
FirewallRules: [{852A7332-82B7-40C4-85AB-8DFE98F5D676}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{6F26FB81-CBA7-4264-8B40-B181C6377A4C}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{38F37921-79A5-4BB1-ACBB-21736B05A306}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-10-2016 17:21:35 JRT Pre-Junkware Removal
22-10-2016 22:10:09 Python 3.5.2 (32-bit)
26-10-2016 16:11:06 Installed DirectX
02-11-2016 19:23:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2016 05:16:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/03/2016 12:10:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/02/2016 05:40:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/02/2016 12:13:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/02/2016 05:06:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 09:55:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Agent.exe, version: 2.7.5.5220, time stamp: 0x58016272
Faulting module name: Agent.exe, version: 2.7.5.5220, time stamp: 0x58016272
Exception code: 0xc0000005
Fault offset: 0x000ce943
Faulting process id: 0x12e4
Faulting application start time: 0x01d2344d1f3ee993
Faulting application path: C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
Faulting module path: C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
Report Id: 33d765cf-a043-11e6-97ac-74d43568d8cf

Error: (11/01/2016 05:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 12:04:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2016 11:17:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/30/2016 07:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/03/2016 05:16:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/03/2016 12:10:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/02/2016 05:40:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/02/2016 12:13:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/02/2016 05:06:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/01/2016 05:13:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/01/2016 12:04:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (10/31/2016 11:17:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (10/30/2016 07:19:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (10/30/2016 07:16:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger


CodeIntegrity:
===================================
Date: 2016-10-21 20:06:15.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 20:05:35.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 20:05:35.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 20:05:35.006
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 20:05:34.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 20:05:34.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 20:05:34.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 16:04:14.715
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 16:03:29.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-21 16:03:29.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16270.94 MB
Available physical RAM: 12120.37 MB
Total Virtual: 48811 MB
Available Virtual: 44272.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.97 GB) (Free:39.65 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:638.44 GB) (Free:126.98 GB) NTFS
Drive f: (Sid Meiers Civilization VI) (CDROM) (Total:4.86 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:201.63 GB) (Free:59.17 GB) NTFS
Drive h: () (Fixed) (Total:263.59 GB) (Free:36.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 78B7D15C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8097639D)
Partition 1: (Not Active) - (Size=201.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=263.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 05 November 2016 - 10:29 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:43 AM

Posted 05 November 2016 - 10:08 PM

Greetings Ugoki and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 05 November 2016 - 10:41 PM

Greetings,

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Adobe Products and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#4 Oh My!

Posted 09 November 2016 - 09:57 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#5 Ugoki

Posted 09 November 2016 - 06:07 PM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\devkitpro\msys\bin\ssh-keygen.exe
c:\users\mahisa\documents\dolphin emulator\config\hotkeys.ini
hosts 127.0.0.1 hlrcv.stage.adobe.com 
hosts 127.0.0.1 lmlicenses.wip4.adobe.com 
hosts 127.0.0.1 lm.licenses.adobe.com 
hosts 127.0.0.1 activate.adobe.com 
hosts 127.0.0.1 practivate.adobe.com 
scanner sequence 3.FA.11.LDFNV0
 ----- EOF ----- 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Mahisa (administrator) on MAHISA-PC (10-11-2016 06:03:36)
Running from C:\Users\Mahisa\Downloads
Loaded Profiles: Mahisa (Available Profiles: Mahisa & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(The OpenVPN Project) C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe
(The OpenVPN Project) C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpn.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Codeusa Software) E:\Borderless Gaming\BorderlessGaming.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mega Limited) C:\Users\Mahisa\AppData\Local\MEGAsync\MEGAsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Murray Hurps Software Pty Ltd) E:\Ad Muncher\AdMunch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Murray Hurps Software Pty Ltd) E:\Ad Muncher\AdMunch64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\bitbeans\Simple DNSCrypt\SimpleDnsCrypt.exe
() C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Mahisa\Downloads\CKScanner.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1860120 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2016-11-03] (Greenshot)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\Run: [Ad Muncher] => E:\Ad Muncher\AdMunch.exe [560760 2015-08-11] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [3 2015-10-10] ()
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [429304 2013-04-09] (IVT Corporation)
HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe [9643265 2016-06-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {67b2f140-28f0-11e4-82b9-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {fd2a5893-1aae-11e4-85c2-806e6f6e6963} - D:\Run.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-21] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
Startup: C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2016-11-09]
ShortcutTarget: Borderless Gaming.lnk -> E:\Borderless Gaming\BorderlessGaming.exe (Codeusa Software)
Startup: C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-16]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Mahisa\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3103837576-1966484345-1073920839-1000] => 101.178.91.233:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BDCC07B0-928E-4489-9A2A-72FF3591CBB9}: [DhcpNameServer] 10.8.0.1
Tcpip\..\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-29] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-29] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3103837576-1966484345-1073920839-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3103837576-1966484345-1073920839-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-21]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-29] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default [2016-11-10]
CHR Extension: (Hide Fedora) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2016-03-27]
CHR Extension: (Google Drive) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MEGA) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-11-03]
CHR Extension: (PageExpand) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnobgdfhefpilajplncgjjeopakpepc [2016-08-01]
CHR Extension: (YouTube) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (AdBlock+) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2014-11-21]
CHR Extension: (OneTab) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-11]
CHR Extension: (uBlock Origin) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Clear Cache) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2015-10-01]
CHR Extension: (Tampermonkey) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08]
CHR Extension: (Block site) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-08-09]
CHR Extension: (Imgur Uploader) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2016-06-11]
CHR Extension: (Word Count Tool) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2016-09-24]
CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2014-10-31]
CHR Extension: (Speed Dial 2) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-11]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-06-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (Nextvid Stopper for YouTube™) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgkhlpecokabjdphcgfakhegiacmoca [2016-01-03]
CHR Extension: (Foxish live RSS) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhdikhnaigcdlamenbgkmllgmfnngoi [2015-03-13]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-11-10]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-30]
CHR Extension: (4chan X) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2016-11-09]
CHR Extension: (Gmail) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-21] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3308544 2013-04-09] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [207096 2013-04-09] (IVT Corporation)
R2 dnscrypt-proxy; C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [597328 2016-07-31] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OpenVPNService; C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe [29920 2016-06-18] (The OpenVPN Project)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-21] (AVAST Software)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43128 2012-12-25] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-25] (Etron Technology Inc)
R3 hhdusbh64; C:\Windows\System32\DRIVERS\hhdusbh64.sys [43616 2015-10-30] (HHD Software Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25720 2013-01-05] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 se64a; C:\Windows\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-20] (Duplex Secure Ltd.)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
U3 axk3n0xv; C:\Windows\System32\Drivers\axk3n0xv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-10 05:46 - 2016-11-10 05:46 - 00468480 _____ () C:\Users\Mahisa\Downloads\CKScanner.exe
2016-11-08 01:00 - 2016-11-08 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2016-11-08 01:00 - 2016-11-08 01:00 - 00000000 ____D C:\Program Files\Greenshot
2016-11-08 00:59 - 2016-11-08 00:59 - 01376137 _____ (Greenshot ) C:\Users\Mahisa\Downloads\Greenshot-INSTALLER-1.2.8.14-RELEASE.exe
2016-11-06 10:42 - 2016-11-06 10:42 - 00083235 _____ C:\Users\Mahisa\Downloads\ggtracker_6851527.SC2Replay
2016-11-03 17:46 - 2016-11-10 05:53 - 00056243 _____ C:\Users\Mahisa\Downloads\Addition.txt
2016-11-03 17:45 - 2016-11-10 06:03 - 00031539 _____ C:\Users\Mahisa\Downloads\FRST.txt
2016-11-03 17:45 - 2016-11-10 06:03 - 00000000 ____D C:\FRST
2016-11-03 17:45 - 2016-11-03 17:45 - 02408960 _____ (Farbar) C:\Users\Mahisa\Downloads\FRST64.exe
2016-10-26 16:17 - 2016-10-26 16:17 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\FiraxisLive
2016-10-26 16:15 - 2016-10-26 16:15 - 00404832 _____ C:\Windows\Minidump\102616-115674-01.dmp
2016-10-26 16:08 - 2016-10-26 16:08 - 00000787 _____ C:\Users\Public\Desktop\Sid Meiers Civilization VI.lnk
2016-10-26 16:08 - 2016-10-26 16:08 - 00000787 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI.lnk
2016-10-25 18:47 - 2016-10-25 18:47 - 00846883 _____ C:\Users\Mahisa\Downloads\Decrypt9WIP-20161021-152223 (1).zip
2016-10-25 18:44 - 2016-10-25 18:44 - 02714560 _____ C:\Users\Mahisa\Downloads\JKSM.cia
2016-10-25 18:43 - 2016-10-25 18:43 - 00481984 _____ C:\Users\Mahisa\Downloads\JKSM_3DSX.zip
2016-10-25 13:06 - 2016-10-25 13:06 - 00000467 _____ C:\Users\Mahisa\Documents\allin.txt
2016-10-24 18:57 - 2016-10-26 16:14 - 927945219 ____N C:\Windows\MEMORY.DMP
2016-10-24 18:57 - 2016-10-24 18:57 - 00412928 _____ C:\Windows\Minidump\102416-29827-01.dmp
2016-10-24 00:18 - 2016-10-24 00:18 - 01741760 _____ C:\Users\Mahisa\Downloads\TitlekeysTools.cia
2016-10-24 00:13 - 2016-10-24 00:13 - 03220416 _____ C:\Users\Mahisa\Downloads\freeShop-2.1.3.cia
2016-10-24 00:05 - 2016-10-24 00:05 - 00889424 _____ C:\Users\Mahisa\Downloads\freeShop-master.zip
2016-10-23 05:31 - 2016-10-23 05:31 - 04696320 _____ C:\Users\Mahisa\Downloads\DQMTW_V1.1_Update.cia
2016-10-23 00:06 - 2016-10-23 00:06 - 00052768 _____ C:\Users\Mahisa\Downloads\2016-10-21 - (T)Dedas VS (Z)Soviet.SC2Replay
2016-10-22 22:25 - 2016-10-22 22:25 - 00000000 ____D C:\Users\Mahisa\AppData\Local\pip
2016-10-22 22:20 - 2016-10-22 22:20 - 07011593 _____ C:\Users\Mahisa\Downloads\PyQt5_gpl-5.7.zip
2016-10-22 22:16 - 2016-10-22 22:16 - 02100000 _____ C:\Users\Mahisa\Downloads\Pillow-3.4.2.win-amd64-py3.5.exe
2016-10-22 22:12 - 2016-10-22 22:12 - 00010890 _____ C:\Users\Mahisa\Downloads\image_mosaic_script_v5.py
2016-10-22 22:10 - 2016-10-22 22:11 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-10-22 22:10 - 2016-10-22 22:10 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Package Cache
2016-10-22 22:09 - 2016-10-22 22:09 - 29269656 _____ (Python Software Foundation) C:\Users\Mahisa\Downloads\python-3.5.2.exe
2016-10-22 21:53 - 2016-10-22 21:53 - 00000000 ____D C:\Users\Mahisa\.idlerc
2016-10-22 21:36 - 2016-10-22 21:36 - 10811768 _____ C:\Users\Mahisa\Downloads\Pillow-3.3.3.zip
2016-10-22 21:35 - 2016-10-22 21:35 - 01787367 _____ C:\Users\Mahisa\Downloads\Pillow-3.4.2.win32-py3.5.exe
2016-10-22 21:11 - 2016-10-22 21:12 - 08198265 _____ C:\Users\Mahisa\Downloads\EmuNAND9-20160919-134904.zip
2016-10-22 19:52 - 2016-10-22 19:52 - 00004500 _____ C:\Users\Mahisa\Downloads\fbi-2.4.2-injectable.torrent
2016-10-22 19:51 - 2016-10-22 19:51 - 00184388 _____ C:\Users\Mahisa\Downloads\DspDump.3dsx
2016-10-22 19:51 - 2016-10-22 19:51 - 00001102 _____ C:\Users\Mahisa\Downloads\aeskeydb.torrent
2016-10-22 19:50 - 2016-10-22 19:50 - 00138050 _____ C:\Users\Mahisa\Downloads\Hourglass9-20161021-152615.zip
2016-10-22 19:49 - 2016-10-22 19:49 - 00216346 _____ C:\Users\Mahisa\Downloads\Luma3DSv6.3.1.7z
2016-10-22 19:48 - 2016-10-22 19:48 - 02512529 _____ C:\Users\Mahisa\Downloads\FBI.zip
2016-10-22 19:47 - 2016-10-22 19:47 - 01234319 _____ C:\Users\Mahisa\Downloads\lumaupdater-1.4.2.zip
2016-10-22 19:47 - 2016-10-22 19:47 - 01019840 _____ C:\Users\Mahisa\Downloads\lumaupdater.cia
2016-10-22 19:46 - 2016-10-22 19:46 - 00206465 _____ C:\Users\Mahisa\Downloads\hblauncher_loader_v1.2 (1).zip
2016-10-22 19:45 - 2016-10-22 19:45 - 00009214 _____ C:\Users\Mahisa\Downloads\release.7z
2016-10-22 19:44 - 2016-10-22 19:44 - 00002633 _____ C:\Users\Mahisa\Downloads\data_input_v3.torrent
2016-10-22 19:42 - 2016-10-22 19:42 - 00098988 _____ C:\Users\Mahisa\Downloads\SafeA9LHInstallerv2.0.3.7z
2016-10-22 19:39 - 2016-10-22 19:41 - 04783545 _____ C:\Users\Mahisa\Downloads\starter (2).zip
2016-10-22 19:31 - 2016-10-22 20:26 - 00000000 ____D C:\Users\Mahisa\Desktop\New folder
2016-10-22 18:40 - 2016-10-22 18:40 - 00029389 _____ C:\Users\Mahisa\Downloads\2.1.0-4U_ctrtransfer_o3ds.torrent
2016-10-22 17:35 - 2016-10-22 17:35 - 00846883 _____ C:\Users\Mahisa\Downloads\Decrypt9WIP-20161021-152223.zip
2016-10-22 17:35 - 2016-10-22 17:35 - 00206465 _____ C:\Users\Mahisa\Downloads\hblauncher_loader_v1.2.zip
2016-10-22 17:11 - 2016-10-22 17:11 - 04783545 _____ C:\Users\Mahisa\Downloads\starter (1).zip
2016-10-22 12:33 - 2016-10-22 12:33 - 00097788 _____ C:\Users\Mahisa\Downloads\ioritree%27s 3DS NTR CFW Trainer 20161016.rar
2016-10-22 02:34 - 2016-10-22 02:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-10-22 02:16 - 2016-10-22 02:16 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\TeamViewer
2016-10-22 02:03 - 2016-10-22 02:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-22 02:02 - 2016-10-22 02:02 - 11579432 _____ (SurfRight B.V.) C:\Users\Mahisa\Downloads\hitmanpro_x64.exe
2016-10-22 01:47 - 2016-10-22 01:47 - 00003928 _____ C:\Users\Mahisa\Desktop\Rkill.txt
2016-10-22 01:46 - 2016-10-22 01:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mahisa\Downloads\rkill.com
2016-10-22 01:04 - 2016-10-22 01:04 - 01631928 _____ (Malwarebytes) C:\Users\Mahisa\Downloads\JRT.exe
2016-10-22 00:47 - 2016-10-22 00:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-22 00:46 - 2016-10-22 00:46 - 22851472 _____ (Malwarebytes ) C:\Users\Mahisa\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-22 00:40 - 2016-10-22 00:42 - 00000000 ____D C:\AdwCleaner
2016-10-22 00:40 - 2016-10-22 00:40 - 03910208 _____ C:\Users\Mahisa\Downloads\adwcleaner_6.030.exe
2016-10-21 20:11 - 2016-10-21 20:11 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2016-10-21 20:10 - 2016-10-21 20:10 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-21 20:10 - 2016-10-21 20:10 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-20 21:45 - 2016-10-20 21:45 - 00278933 _____ C:\Users\Mahisa\Downloads\speedfly-3ds-trainer-v20161018.zip
2016-10-19 22:12 - 2016-10-19 22:12 - 00971882 _____ C:\Users\Mahisa\Downloads\Gateshark2NTR V1.1.zip
2016-10-19 21:49 - 2016-10-19 21:49 - 00413435 _____ C:\Users\Mahisa\Downloads\menuCheat.zip
2016-10-19 21:49 - 2016-10-19 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro
2016-10-19 21:48 - 2016-10-19 21:49 - 00000000 ____D C:\devkitPro
2016-10-19 21:41 - 2016-10-19 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-10-19 21:39 - 2016-10-19 21:39 - 18636800 _____ C:\Users\Mahisa\Downloads\python-2.7.11.msi
2016-10-19 21:37 - 2016-10-19 21:40 - 00000000 ____D C:\Python27
2016-10-19 21:37 - 2016-10-19 21:38 - 00266480 _____ C:\Users\Mahisa\Downloads\devkitProUpdater-1.6.0.exe
2016-10-19 21:36 - 2016-10-19 21:36 - 19550208 _____ C:\Users\Mahisa\Downloads\python-2.7.11.amd64.msi
2016-10-19 17:22 - 2016-10-19 17:22 - 00000612 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-10-12 07:03 - 2016-10-12 07:03 - 00007333 _____ C:\Users\Mahisa\Downloads\Littlewitch.CT
2016-10-12 07:01 - 2016-10-12 07:01 - 00004276 _____ C:\Users\Mahisa\Downloads\Littlewitch.editio.perfecta.CT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-10 06:01 - 2014-08-05 18:00 - 00000000 ____D C:\Users\Mahisa\Downloads\Compressed
2016-11-10 05:52 - 2014-08-02 21:32 - 00000000 ____D C:\ProgramData\Adobe
2016-11-10 05:52 - 2014-08-02 21:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-10 05:48 - 2016-10-06 12:01 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-11-10 05:48 - 2015-02-28 13:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-10 05:48 - 2014-08-02 18:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-10 05:39 - 2015-02-28 13:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-10 03:54 - 2014-08-02 18:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-09 22:01 - 2016-02-18 21:45 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Battle.net
2016-11-09 17:19 - 2009-07-14 11:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-09 17:19 - 2009-07-14 11:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 17:11 - 2014-08-27 11:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-09 17:11 - 2013-04-09 10:35 - 00001292 _____ C:\Windows\SysWOW64\bscs.ini
2016-11-09 17:11 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-09 05:02 - 2014-08-14 10:47 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-08 21:34 - 2009-07-14 12:13 - 00801706 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-08 21:34 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2016-11-05 23:50 - 2014-08-02 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-03 17:23 - 2015-05-23 04:13 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Greenshot
2016-10-30 19:24 - 2014-08-02 18:28 - 00000000 ____D C:\Users\Mahisa\AppData\Local\ElevatedDiagnostics
2016-10-30 19:24 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-30 19:22 - 2014-08-02 18:08 - 00000000 ____D C:\Users\Mahisa\AppData\Local\Google
2016-10-27 19:30 - 2016-01-11 00:02 - 00000000 ____D C:\Users\Mahisa\Documents\StarCraft II
2016-10-27 03:49 - 2014-08-02 18:08 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-27 03:49 - 2014-08-02 18:08 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-26 16:16 - 2014-08-21 07:59 - 00000000 ____D C:\Users\Mahisa\Documents\My Games
2016-10-26 16:15 - 2014-08-18 19:02 - 00000000 ____D C:\Windows\Minidump
2016-10-26 16:12 - 2015-09-25 23:58 - 00000000 ____D C:\Users\Mahisa\AppData\Roaming\qBittorrent
2016-10-24 16:03 - 2009-07-14 12:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-22 22:11 - 2014-08-02 20:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-22 21:53 - 2014-08-02 18:00 - 00000000 ____D C:\Users\Mahisa
2016-10-22 02:34 - 2016-07-22 22:03 - 00000000 ____D C:\Users\Mahisa\Desktop\newdnscript
2016-10-22 01:01 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SchCache
2016-10-22 00:49 - 2016-02-09 21:16 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455027374
2016-10-21 20:11 - 2014-08-14 10:47 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-10-21 20:11 - 2014-08-14 10:47 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-10-21 20:11 - 2014-08-14 10:47 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-21 20:10 - 2016-02-09 18:05 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147705551380707
2016-10-21 20:10 - 2014-08-14 10:47 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147705551411810
2016-10-21 20:10 - 2014-08-14 10:47 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147705551539712
2016-10-21 20:10 - 2014-08-14 10:47 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-21 20:10 - 2014-08-14 10:47 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-21 20:10 - 2014-08-14 10:46 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-19 22:15 - 2016-08-24 12:39 - 00000000 ____D C:\Users\Mahisa\AppData\Local\CrashDumps
2016-10-19 22:03 - 2016-02-07 01:58 - 00597952 _____ C:\Users\Mahisa\Downloads\BootNTR.cia
2016-10-19 21:41 - 2015-12-19 20:02 - 00002028 _____ C:\Users\Mahisa\Downloads\devkitProUpdate.ini
2016-10-17 01:03 - 2016-06-11 22:13 - 00000000 ____D C:\Users\Mahisa\Documents\My Kindle Content
2016-10-13 12:45 - 2016-08-18 21:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2016-08-22 12:53 - 2016-08-22 12:53 - 0001456 _____ () C:\Users\Mahisa\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-16 19:35 - 2015-06-16 19:35 - 0000094 _____ () C:\Users\Mahisa\AppData\Local\fusioncache.dat
2015-09-26 10:03 - 2015-09-26 10:03 - 0000218 _____ () C:\Users\Mahisa\AppData\Local\recently-used.xbel
2014-08-19 22:48 - 2015-05-10 04:28 - 0007597 _____ () C:\Users\Mahisa\AppData\Local\Resmon.ResmonCfg
2015-06-09 18:34 - 2015-06-09 18:34 - 0002644 _____ () C:\ProgramData\regid.2008-12.com.digitalconfidence_D87FC884-18AD-43AB-AC37-14B76BA62203.swidtag
 
Some files in TEMP:
====================
C:\Users\Mahisa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mahisa\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\libeay32.dll
C:\Users\Mahisa\AppData\Local\Temp\mirc736.exe
C:\Users\Mahisa\AppData\Local\Temp\msvcr120.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStInst.exe
C:\Users\Mahisa\AppData\Local\Temp\QuickSupport.exe
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s13g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s16o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s1us.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s2s0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s3v8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s40c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s4rs.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5fk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5t4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s66o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6p4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6s4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7jk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7no.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7rc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7uc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s84c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s860.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8jg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8r8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9gc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9pg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9r0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sa0s.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb2c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb98.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sbic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_spo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s1ls.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s2vc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s57g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6d0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ok.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s77k.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7eo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8b0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8oc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8vo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s91c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s988.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9co.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9m0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sa04.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sadk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sae0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_san8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_saog.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sb14.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbbg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbdo.dll
C:\Users\Mahisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Mahisa\AppData\Local\Temp\SRLDetectionLibrary6110100364183381549.dll
C:\Users\Mahisa\AppData\Local\Temp\TwitchDown.exe
C:\Users\Mahisa\AppData\Local\Temp\_is4F5C.exe
C:\Users\Mahisa\AppData\Local\Temp\{E36B1FD8-D2A2-4C8C-AA27-12944AAFB87A}.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 18:56
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Mahisa (10-11-2016 06:04:00)
Running from C:\Users\Mahisa\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-02 11:00:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3103837576-1966484345-1073920839-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3103837576-1966484345-1073920839-1004 - Limited - Enabled)
Guest (S-1-5-21-3103837576-1966484345-1073920839-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3103837576-1966484345-1073920839-1002 - Limited - Enabled)
Mahisa (S-1-5-21-3103837576-1966484345-1073920839-1000 - Administrator - Enabled) => C:\Users\Mahisa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"BioShock Infinite" (HKLM-x32\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
«Dishonored - GOTY Edition» 1.4.1.0 (HKLM-x32\...\«Dishonored - GOTY Edition»_is1) (Version: 1.4.1.0 - Arkane Studios)
«Homeworld Remastered Collection» 1.2.0.0 (HKLM-x32\...\«Homeworld Remastered Collection»_is1) (Version: 1.2.0.0 - Gearbox)
Action Replay PowerSaves 3DS version 1.42 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.42 - Datel Design & Development)
Ad Muncher v4.94.34121 (Free)  (HKLM-x32\...\Ad Muncher) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Assassin's Creed (HKLM-x32\...\Assassin's Creed_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BatchPurifier (HKLM-x32\...\{94BB283B-5431-4093-8900-69633405FD05}) (Version: 7.00.0000 - Digital Confidence)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blood Haze (HKLM-x32\...\Blood Haze) (Version:  - )
BlueSoleil 9.2.422.1 (HKLM\...\{8AE22409-C267-4D70-A0A0-9A244CEB8942}) (Version: 9.2.422.1 - IVT Corporation)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 7.9 - Codeusa Software)
calibre 64bit (HKLM\...\{9152084E-DEE6-4908-93D0-DC2227FEACB5}) (Version: 2.62.0 - Kovid Goyal)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version:  - )
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version:  - Eidos Montreal)
devkitProUpdater 1.6.0 (HKLM-x32\...\devkitProUpdater) (Version: 1.6.0 - devkitPro)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dragonball Xenoverse Bundle Edition (HKLM-x32\...\Dragonball Xenoverse Bundle Edition_is1) (Version:  - )
Empire Earth Gold Edition (HKLM-x32\...\Empire Earth Gold Edition_is1) (Version:  - GOG.com)
Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta) (HKLM-x32\...\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)1.15.0.3s) (Version: 1.15.0.3s - Friends in War)
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version:  - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version:  - Bethesda Softworks)
Fallout 3 Patch v1.8 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.8 - )
Fallout 4 v.1.1.30 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
FreePandoraDownloader 3.0.0 (HKLM-x32\...\49E98237-A151-452b-809D-1D057CF1A4D9_is1) (Version:  - SneakyStreams.com)
Game Launcher version 3.2.1.7 (HKLM-x32\...\{31D22D10-7FD2-401B-8AEA-D20A1A9A440E}_is1) (Version: 3.2.1.7 - Eikester)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version:  - )
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version:  - )
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Gravity Ghost (HKLM-x32\...\R3Jhdml0eUdob3N0_is1) (Version: 1 - )
Greenshot 1.2.8.14 (HKLM\...\Greenshot_is1) (Version: 1.2.8.14 - Greenshot)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HHD Software Free USB Analyzer 7.26 (HKLM\...\HHD Device Monitoring Studio 5.01) (Version: 7.26.0.6304 - HHD Software, Ltd.)
HydraIRC (HKLM-x32\...\HydraIRC) (Version: 0.3.165 - Hydra Productions)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Littlewitch Romanesque: Editio Regia (HKLM\...\Steam App 349300) (Version:  - Littlewitch)
Lords of the Fallen (HKLM-x32\...\{F3DFAE55-83E3-4BD4-9311-B5AB0C16EFD9}_is1) (Version:  - CI Games)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth. Shadow of Mordor, 粢・ 1.0.0.0 (HKLM-x32\...\Middle-earth. Shadow of Mordor_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Minecraft1.7.8 (HKLM-x32\...\Minecraft1.7.8) (Version:  - )
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Monitor Asset Manager (HKLM-x32\...\{AD0BBBFD-C5E9-4214-A863-E83313D67C0C}_is1) (Version:  - EnTech Taiwan)
Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Oracle VM VirtualBox 5.0.14 (HKLM\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Pillars of Eternity: Royal Edition (HKLM-x32\...\Pillars of Eternity: Royal Edition_is1) (Version:  - )
Planescape Torment (HKLM-x32\...\Planescape Torment_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.5 Pillow-3.4.2 (HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\Pillow-py3.5) (Version:  - )
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Shovel Knight_is1) (Version:  - )
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Simple DNSCrypt (HKLM-x32\...\{C0C0E944-6D87-4F0E-9446-3283A4A662A8}) (Version: 0.3.6 - bitbeans)
SmartOCR Lite Edition 1.0 (HKLM-x32\...\{12905F20-5A31-499A-9463-71E5C3EF950B}) (Version: 1.0.70 - Smart Reading)
SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Super Mario World: Dark Horizon (HKLM-x32\...\Super Mario World: Dark Horizon) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.1.0.2 - GOG.com)
The Beginner's Guide (HKLM-x32\...\The Beginner's Guide_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
The Magic Circle (HKLM-x32\...\The Magic Circle_is1) (Version:  - )
The Turing Test (HKLM-x32\...\The Turing Test_is1) (Version:  - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
The Witcher 3 Wild Hunt v.1.0.3 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.21.0.0 - GOG.com)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Valiant Hearts The Great War (HKLM-x32\...\Valiant Hearts The Great War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version:  - )
Victoria 2 Heart of Darkness (HKLM-x32\...\Victoria 2 Heart of Darkness1) (Version: 1 - Friends in War)
Victoria II: Heart of Darkness version 3.03 (HKLM-x32\...\Victoria II: Heart of Darkness_is1) (Version: 3.03 - Paradox Interactive)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.8.1.6658 - Golden Frog, GmbH.)
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein The New Order ver. 1.0.0.2 (HKLM-x32\...\{55055055-10AE-00BA-96F5-98DD6F3006AC}_is1) (Version: 1.0.0.2 - Bethesda Game Studios)
Wondershare Filmora(Build 6.6.0) (HKLM-x32\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)
XInput GamePad Support Mod version 2.9.1 (HKLM-x32\...\{BB8DBD35-0E49-4D9F-B23B-AB3C5BB3439C}_is1) (Version: 2.9.1 - Meowmaritus)
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Youku Downloader(xmlbar)(remove only) (HKLM-x32\...\Xmlbar YoukuDownloader) (Version:  - )
ZenVPN (HKLM-x32\...\ZenVPN) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1DCFFC82-CADC-4672-8331-FDB63773549A} - System32\Tasks\{C24CFF7E-BBA7-4CA2-878F-2C1DF4F507BA} => E:\Pcsx-R\pcsxr.exe [2015-12-19] (hxxp://pcsxr.codeplex.com/)
Task: {2BA011D3-A28D-464B-9F4B-6644A3A0B5F6} - System32\Tasks\{404A85D5-434A-4FE6-8CEF-2E1826BD4C98} => E:\Fallout New Vegas\FalloutNV.exe [2011-10-18] (Bethesda Softworks)
Task: {2F5464F8-9801-4607-8D43-9230DDDAD05F} - System32\Tasks\{5F0A474D-5860-46C4-9F43-A7F7F4566AC3} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2F8D9540-C99C-4F48-9DDC-E1E0CD2BC270} - System32\Tasks\{CC184604-3EDE-4B25-A62C-D2790DF3A127} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {73C4DB93-49E8-4D28-A5F9-D6303525FAF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {740BA3AE-E252-4562-AD81-95D58F6F5812} - System32\Tasks\SafeZone scheduled Autoupdate 1455027374 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {77914015-8F1C-4E06-8DCA-1A58043193DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CDB51B9F-7C00-4FDC-9FE5-3DAA4A77B6D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-21] (AVAST Software)
Task: {DE6F1EF0-3EEB-458D-B471-AA9652C277D6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-16] (AVAST Software)
Task: {E23AEC1A-B3E8-4FC2-A04C-50F6B9511103} - System32\Tasks\{974E0B6B-9E72-43D9-8C70-E71B148BEECF} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F9A5CD56-918F-4834-9CFC-D367594499F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Mahisa\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-04-09 11:00 - 2013-04-09 11:00 - 00268536 _____ () C:\Windows\system32\IVTCredentialProvider.DLL
2013-04-09 10:59 - 2013-04-09 10:59 - 00029432 _____ () C:\Windows\system32\BsTrace.dll
2014-08-27 11:54 - 2016-08-11 18:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-24 07:27 - 2016-01-12 11:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-04-09 10:58 - 2013-04-09 10:58 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
2014-05-01 21:13 - 2016-07-21 17:27 - 00592384 _____ () C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll
2013-04-09 10:58 - 2013-04-09 10:58 - 00072952 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-08-02 18:11 - 2013-09-13 23:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-06-18 17:42 - 2016-06-18 17:42 - 09643265 _____ () C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
2016-08-25 10:35 - 2016-08-25 10:35 - 03663008 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\SimpleDnsCrypt.exe
2016-07-31 11:02 - 2016-07-31 11:02 - 00597328 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
2013-04-09 10:59 - 2013-04-09 10:59 - 00029432 _____ () C:\Windows\System32\BsTrace.dll
2016-11-10 05:46 - 2016-11-10 05:46 - 00468480 _____ () C:\Users\Mahisa\Downloads\CKScanner.exe
2016-10-21 20:10 - 2016-10-21 20:10 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-21 20:10 - 2016-10-21 20:10 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-09 21:21 - 2016-11-09 21:21 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16110900\algo.dll
2016-06-18 17:42 - 2016-06-18 17:42 - 00174448 _____ () C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\liblzo2-2.dll
2016-06-18 17:42 - 2016-06-18 17:42 - 00112040 _____ () C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\libpkcs11-helper-1.dll
2015-05-06 21:22 - 2016-01-12 11:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-21 17:26 - 2016-07-21 17:26 - 00482304 _____ () C:\Users\Mahisa\AppData\Local\MEGAsync\libsodium.dll
2016-07-10 04:01 - 2016-07-10 04:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-09 10:59 - 2013-04-09 10:59 - 00158456 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-08-02 18:10 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-07-07 14:29 - 2016-07-07 14:29 - 00491168 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\libsodium.dll
2016-07-31 11:03 - 2016-07-31 11:03 - 00700832 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libsodium-18.dll
2016-07-31 11:03 - 2016-07-31 11:03 - 00130904 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libgcc_s_dw2-1.dll
2014-05-01 21:15 - 2016-07-21 17:27 - 00564224 _____ () C:\Users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll
2016-10-27 03:49 - 2016-10-20 15:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-27 03:49 - 2016-10-20 15:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-11-09 05:41 - 2016-11-09 05:41 - 17772736 _____ () C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [294]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:34 - 2015-02-28 13:37 - 00001699 ____A C:\Windows\system32\Drivers\etc\hosts
 
162.159.240.99 kissanime.com
50.23.213.210    www.memecenter.com
188.132.173.60 i20.mangareader.net127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mahisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 127.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{D375D9B1-9262-4F61-85E2-3C582871C1A9}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{2EF3EBE3-5CD7-4879-ADBC-E0325432C3B5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{22CDE263-EBB6-4786-A009-BC230297A69F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{93EEA5BD-0211-4F73-BB78-3D3AB7824BA0}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{4695A371-C017-49A2-BED5-370F494B80A8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{EC58CA1B-0883-41AC-8C13-3F4EAFAD7CCB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F0DA46FB-1349-4DA2-8F18-D2CAD0AB34A5}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{1A096E06-C6DF-4C86-BBF8-73643109CA49}C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward.com\portforward network utilities\pfportchecker.exe
FirewallRules: [{C91A3D3B-B67E-4AAF-AA2E-183965D4E9CB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CA9709B-76BE-4692-8570-6B5FFA55E366}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{85ED93C9-E47E-48E9-9C95-B4968251C291}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8C212B62-9743-47FC-B6CF-7C124A3809A9}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{209B5FC3-1071-43D6-81B4-825C35C7FB0A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{F1ABE94B-E63F-4C59-9770-9FEA51D2BF2D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{690D8C35-438A-465B-A476-B0F4CF6C2F04}C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe] => (Allow) C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe
FirewallRules: [UDP Query User{2B6D07F3-8467-4B41-A26E-5CD7FA526D1D}C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe] => (Allow) C:\program files\nvidia corporation\installer2\display.3dvision.{5318b7e0-d9a7-40e8-8122-96db5112a9f9}\3dvision_332.17.exe
FirewallRules: [TCP Query User{616043F8-1C94-492B-8FC2-D6600568A02F}C:\program files\intel\intel® rapid storage technology\iastoricon.exe] => (Allow) C:\program files\intel\intel® rapid storage technology\iastoricon.exe
FirewallRules: [UDP Query User{DA6C8644-769D-4C14-83E1-CCF1169955C3}C:\program files\intel\intel® rapid storage technology\iastoricon.exe] => (Allow) C:\program files\intel\intel® rapid storage technology\iastoricon.exe
FirewallRules: [{302FFFE7-C521-4BF7-866A-4C2ABAF61795}] => (Allow) E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{5BB6CC33-4FC0-417F-9560-610C5FC4005F}] => (Allow) E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{9D601C9E-B10F-4174-8D93-9E4680908DAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{787F2F97-85B1-4DB3-B276-4F4EB6A55903}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{C27062E8-FBB5-4944-B8F1-DFEC6FE2B3E5}E:\call of duty - black ops 2\t6sp.exe] => (Allow) E:\call of duty - black ops 2\t6sp.exe
FirewallRules: [UDP Query User{B108FA68-5418-4BCE-8EDF-5110575A5613}E:\call of duty - black ops 2\t6sp.exe] => (Allow) E:\call of duty - black ops 2\t6sp.exe
FirewallRules: [TCP Query User{B123AF40-608C-4056-A54A-4E783CEAEFD0}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [UDP Query User{DF3502EF-D471-4C47-84CC-1F9F45E0B40D}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [TCP Query User{3276FEC3-D541-4831-9BA7-F87FEC371313}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [UDP Query User{A5728639-94C8-4841-BDF6-6279607DB012}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [TCP Query User{5BD1A1B0-3C1D-4E1F-854A-1427F992813E}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
FirewallRules: [UDP Query User{5190F8B8-91FF-4D47-966E-8616C2D5CEC2}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
FirewallRules: [{517DC179-BD12-4BAD-9FCD-6CBD48FE23F4}] => (Allow) E:\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{A45C10F2-3F0F-47C9-BF1C-3B57D91966A8}] => (Allow) E:\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{904136AB-3D42-4A8F-B4A1-F8ABFA3EB161}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CBA0280B-789C-4254-B547-83A3870705D3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{11E9B88B-7315-43F2-BA9F-90AFEEC9A88C}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{1638C232-4C5C-45A1-80A0-0A8B43ADA2E0}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{33485F74-4B06-496E-87AF-9ABAEDE1F7D3}] => (Allow) E:\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{B9D49D04-A7C8-4FB1-8004-A3455FDFAD0B}] => (Allow) E:\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{E3715510-84EF-426F-A0D3-8BA71D5F4E59}] => (Allow) E:\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{E8D466D1-F8B0-49A3-9BFB-6015D2EB1674}] => (Allow) E:\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{1ABD50F9-70FB-4C12-AB96-9B68DF282BCF}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{AFADBFFE-3249-4A8B-9BCE-30806C3FCE35}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{6B339A7D-2435-453A-BDB9-CB68D50DB775}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{9AF5E521-ADD5-4370-84EC-9DD8CAB7059E}] => (Allow) C:\Users\Mahisa\Desktop\perfect dark.exe
FirewallRules: [{919EC0B1-9D7B-41DC-95A4-49AED67440B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{55B20887-F4CE-4964-8F59-3B5A5C9D7783}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{795C76A5-5CB6-4AF7-AC6C-ED4D01F0BA1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{029F930E-09D0-4F1B-8A00-3DF5AD3CF670}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{285D9D3A-EE7A-41D9-A24B-315FA0CAFE56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{35C57B36-C010-4BD2-BA32-17486B827EB5}] => (Allow) E:\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{ECCACEAA-3134-4AC8-B008-5D90B517A7D5}] => (Allow) E:\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{3BB38A10-FBF0-4A91-8451-A9672CC448CF}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0521CF17-C4C7-448C-ADD4-9BC1537F542B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{70268215-3025-4658-B901-EE32840906C9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{13440E8C-0573-403E-B096-348E9A92DCA4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D8E74935-0B75-4C14-B5D1-EDA46E647804}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{F65F977F-B61A-4B40-B0AD-4B81B2391742}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{CBCC260F-77C1-4BAE-AF0E-4C239E81DB49}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{B579E6AB-9036-4332-A9F9-D2953063C267}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
FirewallRules: [{0C2E9EEA-4006-4E5E-A42C-3C7DA58F3FEB}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{DD22D97D-9F45-4DB3-AD98-A70FC2FE8DEE}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{D1A54D0C-B1C8-43C7-9E37-860BC8DAFA7D}] => (Allow) E:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{9C9EB2CA-B78A-4443-B806-471C0A3FC419}] => (Allow) E:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{E57FE2FD-AB80-44A6-9B1F-A59389302457}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{26895345-D87B-4EA0-AF30-64D49F75D0A2}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{A25CB2D4-1611-4F9A-854A-A6F29AB2EDD5}E:\starcraft ii\support64\sc2editor_x64.exe] => (Allow) E:\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{6DBB40A1-B19B-4BBF-A4E8-88AAA15BA4F2}E:\starcraft ii\support64\sc2editor_x64.exe] => (Allow) E:\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{906C4246-FDEB-4FF3-9151-043BF25538E5}] => (Allow) E:\StarCraft II\Versions\Base38996\SC2.exe
FirewallRules: [{7582BD09-62CD-4365-BFA7-E109968E23D0}] => (Allow) E:\StarCraft II\Versions\Base38996\SC2.exe
FirewallRules: [{82F2F9F0-C9EA-4C63-BB28-23503FC9EA17}] => (Allow) E:\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E77CC0A7-8280-48E7-947E-5EB80CB9A97A}] => (Allow) E:\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [TCP Query User{C6854D43-6E03-4B6D-9241-A1B930FDDF41}E:\starcraft ii\support\sc2editor.exe] => (Allow) E:\starcraft ii\support\sc2editor.exe
FirewallRules: [UDP Query User{CED00326-48DD-477A-BEEB-687C7CEC8D5C}E:\starcraft ii\support\sc2editor.exe] => (Allow) E:\starcraft ii\support\sc2editor.exe
FirewallRules: [{D79D3230-235F-43D8-AC00-E4650A0A8195}] => (Allow) E:\StarCraft II\Versions\Base41743\SC2_x64.exe
FirewallRules: [{BE540F83-53C6-4A68-A348-899D60A09911}] => (Allow) E:\StarCraft II\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{E8C70047-AC7A-4C7E-9D33-F02158FF0507}C:\program files (x86)\hydrairc\hydrairc.exe] => (Allow) C:\program files (x86)\hydrairc\hydrairc.exe
FirewallRules: [UDP Query User{BCF9E6FD-DCCA-4830-B862-D9A415D47AF0}C:\program files (x86)\hydrairc\hydrairc.exe] => (Allow) C:\program files (x86)\hydrairc\hydrairc.exe
FirewallRules: [{5DC6E0CF-E484-4FC0-8B0A-DF0A00B27B82}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2_x64.exe
FirewallRules: [{75FAB449-94C3-4B01-A194-F5741505FF4C}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2_x64.exe
FirewallRules: [{4E7CE0CC-CEEC-4270-BD58-50400B588382}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2.exe
FirewallRules: [{E2303D84-437E-4E2A-BFC9-AE5729061078}] => (Allow) E:\StarCraft II\Versions\Base42253\SC2.exe
FirewallRules: [{0ED75C15-B4D5-4A9B-8D3D-16C257159A0A}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [{288F93F7-A87C-497E-8D29-4184D24F9811}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [{158A12F0-5BB8-49D9-A104-83E977163BB4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8E8961A-B282-4F61-9401-CBDBD77A1409}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D2CC316B-B86A-46CA-B509-6B164A995519}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2_x64.exe
FirewallRules: [{9217CA92-B7F0-457E-9FEC-5C74D96BFD85}] => (Allow) E:\StarCraft II\Versions\Base42932\SC2_x64.exe
FirewallRules: [{6CF2047D-2536-4655-AE35-C27B1C2B73B9}] => (Allow) E:\StarCraft II\Versions\Base43478\SC2_x64.exe
FirewallRules: [{C07DDA33-395B-4EB1-A129-647400464B61}] => (Allow) E:\StarCraft II\Versions\Base43478\SC2_x64.exe
FirewallRules: [{784CC263-3D18-4F57-BB35-5B2D0633DD40}] => (Allow) E:\StarCraft II\Versions\Base44401\SC2_x64.exe
FirewallRules: [{4D81CC25-E83F-4288-805E-5EE9AF02F539}] => (Allow) E:\StarCraft II\Versions\Base44401\SC2_x64.exe
FirewallRules: [TCP Query User{E18B0B98-18CB-489C-BE28-14960687BC3A}C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe] => (Allow) C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe
FirewallRules: [UDP Query User{CB4DA1F7-5806-4D09-8A67-DF4DC3FA2640}C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe] => (Allow) C:\users\mahisa\desktop\dnscrypt-winclient-master\binaries\release\dnscrypt-proxy.exe
FirewallRules: [{A4FBB6C4-5E79-421D-910B-404705C916ED}] => (Allow) E:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [{F6F5630F-5442-4586-B3D5-173CBA47D0FD}] => (Allow) E:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [TCP Query User{4694FC58-88DB-4651-BFFB-9F465E60401B}E:\empire earth gold edition\empire earth\empire earth.exe] => (Block) E:\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [UDP Query User{7DED4C95-7713-4FFA-81DA-4302607A4420}E:\empire earth gold edition\empire earth\empire earth.exe] => (Block) E:\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [{E2C7857A-CBB4-4CC0-9DB4-5341ECBBB6CB}] => (Allow) C:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{94EE4CDD-789A-4B0E-8407-6E216B8C2F69}] => (Allow) C:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{77596719-272F-47DD-BB0F-5D3BC5A0D1F9}] => (Allow) G:\Program Files\Steam\Steam.exe
FirewallRules: [{EDBD2000-39CF-498A-8720-5BCFAD62B8C0}] => (Allow) G:\Program Files\Steam\Steam.exe
FirewallRules: [{DCF64B88-2005-4D56-A695-60645D9F1B17}] => (Allow) G:\Program Files\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{BE3651CA-C9B8-43A3-9F25-D35D3BD69976}] => (Allow) G:\Program Files\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{660C5D4D-D27D-4319-AF47-225BD2196BD2}] => (Allow) H:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [{697031EE-2061-421A-A820-B21E990238C7}] => (Allow) H:\StarCraft II\Versions\Base44983\SC2_x64.exe
FirewallRules: [{A8ED5D16-D9DD-4A24-AD0A-E810A4B193E6}] => (Allow) H:\StarCraft II\Versions\Base46154\SC2_x64.exe
FirewallRules: [{3E7C8354-5BAB-4AD8-95F9-006AFBDCE01D}] => (Allow) H:\StarCraft II\Versions\Base46154\SC2_x64.exe
FirewallRules: [{6F4FEABD-90DB-40F0-B755-AC3F482F5C4B}] => (Allow) G:\Program Files\Steam\steamapps\common\Littlewitch Romanesque Editio Regia\Littlewitch.exe
FirewallRules: [{28960E8F-E0DB-41AA-B7B1-17FE3A36B08C}] => (Allow) G:\Program Files\Steam\steamapps\common\Littlewitch Romanesque Editio Regia\Littlewitch.exe
FirewallRules: [{0A93BB37-CD43-4570-9118-50E5712B872B}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2_x64.exe
FirewallRules: [{933F85A6-8E41-4293-BAC5-F4E3A997221D}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2_x64.exe
FirewallRules: [{852A7332-82B7-40C4-85AB-8DFE98F5D676}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{6F26FB81-CBA7-4264-8B40-B181C6377A4C}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{38F37921-79A5-4BB1-ACBB-21736B05A306}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4BBBC45A-22F6-48C5-8381-236874B50410}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{DC7B0F50-119A-48EA-866F-D77C47291E97}] => (Allow) H:\StarCraft II\Versions\Base47185\SC2.exe
 
==================== Restore Points =========================
 
26-10-2016 16:11:06 Installed DirectX
02-11-2016 19:23:07 Scheduled Checkpoint
10-11-2016 00:00:01 Scheduled Checkpoint
10-11-2016 05:47:33 Removed Adobe Acrobat DC.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2016 05:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2016 11:57:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2016 10:47:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2016 08:07:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2016 05:15:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2016 12:03:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2016 06:56:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2016 12:52:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/07/2016 05:49:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/07/2016 12:03:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/09/2016 05:11:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (11/09/2016 11:57:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (11/08/2016 10:47:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (11/08/2016 10:47:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:22:05 PM on ‎11/‎8/‎2016 was unexpected.
 
Error: (11/08/2016 09:31:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/08/2016 09:31:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/08/2016 09:31:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (11/08/2016 08:07:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (11/08/2016 05:15:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (11/08/2016 12:03:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
 
CodeIntegrity:
===================================
  Date: 2016-10-21 20:06:15.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 20:05:35.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 20:05:35.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 20:05:35.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 20:05:34.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 20:05:34.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 20:05:34.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 16:04:14.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 16:03:29.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-21 16:03:29.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 16270.94 MB
Available physical RAM: 10798.87 MB
Total Virtual: 48811 MB
Available Virtual: 43049.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:292.97 GB) (Free:44.56 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:638.44 GB) (Free:122.59 GB) NTFS
Drive f: (Sid Meiers Civilization VI) (CDROM) (Total:4.86 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:201.63 GB) (Free:59.17 GB) NTFS
Drive h: () (Fixed) (Total:263.59 GB) (Free:36.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 78B7D15C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8097639D)
Partition 1: (Not Active) - (Size=201.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=263.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 Oh My!


  • Malware Response Instructor
  • 36,584 posts

Posted 09 November 2016 - 06:33 PM

Greetings and thank you.

Did you create an Australian Proxy Server Setting?
 

ProxyServer: [S-1-5-21-3103837576-1966484345-1073920839-1000] => 101.178.91.233:80


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {67b2f140-28f0-11e4-82b9-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {fd2a5893-1aae-11e4-85c2-806e6f6e6963} - D:\Run.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Toolbar: HKU\S-1-5-21-3103837576-1966484345-1073920839-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-21]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
U3 axswt2f7; C:\Windows\System32\Drivers\axswt2f7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\Drivers\axswt2f7.sys
C:\Users\Mahisa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mahisa\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\libeay32.dll
C:\Users\Mahisa\AppData\Local\Temp\mirc736.exe
C:\Users\Mahisa\AppData\Local\Temp\msvcr120.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStInst.exe
C:\Users\Mahisa\AppData\Local\Temp\QuickSupport.exe
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s13g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s16o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s1us.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s2s0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s3v8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s40c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s4rs.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5fk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5t4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s66o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6p4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6s4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7jk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7no.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7rc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7uc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s84c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s860.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8jg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8r8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9gc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9pg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9r0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sa0s.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb2c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb98.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sbic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_spo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s1ls.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s2vc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s57g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6d0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ok.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s77k.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7eo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8b0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8oc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8vo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s91c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s988.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9co.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9m0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sa04.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sadk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sae0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_san8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_saog.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sb14.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbbg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbdo.dll
C:\Users\Mahisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Mahisa\AppData\Local\Temp\SRLDetectionLibrary6110100364183381549.dll
C:\Users\Mahisa\AppData\Local\Temp\TwitchDown.exe
C:\Users\Mahisa\AppData\Local\Temp\_is4F5C.exe
C:\Users\Mahisa\AppData\Local\Temp\{E36B1FD8-D2A2-4C8C-AA27-12944AAFB87A}.exe
Task: {2F5464F8-9801-4607-8D43-9230DDDAD05F} - System32\Tasks\{5F0A474D-5860-46C4-9F43-A7F7F4566AC3} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2F8D9540-C99C-4F48-9DDC-E1E0CD2BC270} - System32\Tasks\{CC184604-3EDE-4B25-A62C-D2790DF3A127} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {E23AEC1A-B3E8-4FC2-A04C-50F6B9511103} - System32\Tasks\{974E0B6B-9E72-43D9-8C70-E71B148BEECF} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [294]
FirewallRules: [TCP Query User{22CDE263-EBB6-4786-A009-BC230297A69F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{93EEA5BD-0211-4F73-BB78-3D3AB7824BA0}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{B123AF40-608C-4056-A54A-4E783CEAEFD0}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [UDP Query User{DF3502EF-D471-4C47-84CC-1F9F45E0B40D}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [TCP Query User{3276FEC3-D541-4831-9BA7-F87FEC371313}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [UDP Query User{A5728639-94C8-4841-BDF6-6279607DB012}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [TCP Query User{5BD1A1B0-3C1D-4E1F-854A-1427F992813E}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
FirewallRules: [UDP Query User{5190F8B8-91FF-4D47-966E-8616C2D5CEC2}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BDCC07B0-928E-4489-9A2A-72FF3591CBB9}: [DhcpNameServer] 10.8.0.1
Hosts:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening.
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Proxy Server?
  • Fixlog
  • Combofix log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Ugoki

  • Topic Starter


Posted 10 November 2016 - 09:30 AM

I have ZenVPN as my proxy. And I also use Dnscrypt to bypass the DNS poisoning my government is doing to block certain sites.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Mahisa (10-11-2016 20:58:52) Run:1
Running from C:\Users\Mahisa\Downloads
Loaded Profiles: Mahisa (Available Profiles: Mahisa & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {67b2f140-28f0-11e4-82b9-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\...\MountPoints2: {fd2a5893-1aae-11e4-85c2-806e6f6e6963} - D:\Run.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Toolbar: HKU\S-1-5-21-3103837576-1966484345-1073920839-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-21]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
U3 axswt2f7; C:\Windows\System32\Drivers\axswt2f7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\Drivers\axswt2f7.sys
C:\Users\Mahisa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mahisa\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mahisa\AppData\Local\Temp\libeay32.dll
C:\Users\Mahisa\AppData\Local\Temp\mirc736.exe
C:\Users\Mahisa\AppData\Local\Temp\msvcr120.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Mahisa\AppData\Local\Temp\nvStInst.exe
C:\Users\Mahisa\AppData\Local\Temp\QuickSupport.exe
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s13g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s16o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s1us.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s2s0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s3v8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s40c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s4rs.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5fk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5t4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s66o.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6p4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6s4.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7jk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7no.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7rc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7uc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s84c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s860.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8jg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8r8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9gc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9pg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9r0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sa0s.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb2c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb98.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sbic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_spo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s1ls.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s2vc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3e0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3lg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s57g.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6c8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6d0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ok.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s77k.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7eo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7uo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8b0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ic.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8oc.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ro.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8vo.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s91c.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s988.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9ac.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9co.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9m0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sa04.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sadk.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sae0.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_san8.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_saog.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sb14.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbbg.dll
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbdo.dll
C:\Users\Mahisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Mahisa\AppData\Local\Temp\SRLDetectionLibrary6110100364183381549.dll
C:\Users\Mahisa\AppData\Local\Temp\TwitchDown.exe
C:\Users\Mahisa\AppData\Local\Temp\_is4F5C.exe
C:\Users\Mahisa\AppData\Local\Temp\{E36B1FD8-D2A2-4C8C-AA27-12944AAFB87A}.exe
Task: {2F5464F8-9801-4607-8D43-9230DDDAD05F} - System32\Tasks\{5F0A474D-5860-46C4-9F43-A7F7F4566AC3} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2F8D9540-C99C-4F48-9DDC-E1E0CD2BC270} - System32\Tasks\{CC184604-3EDE-4B25-A62C-D2790DF3A127} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {E23AEC1A-B3E8-4FC2-A04C-50F6B9511103} - System32\Tasks\{974E0B6B-9E72-43D9-8C70-E71B148BEECF} => pcalua.exe -a C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [294]
FirewallRules: [TCP Query User{22CDE263-EBB6-4786-A009-BC230297A69F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{93EEA5BD-0211-4F73-BB78-3D3AB7824BA0}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{B123AF40-608C-4056-A54A-4E783CEAEFD0}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [UDP Query User{DF3502EF-D471-4C47-84CC-1F9F45E0B40D}D:\crack\crack skidrow\t6mp.exe] => (Block) D:\crack\crack skidrow\t6mp.exe
FirewallRules: [TCP Query User{3276FEC3-D541-4831-9BA7-F87FEC371313}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [UDP Query User{A5728639-94C8-4841-BDF6-6279607DB012}D:\crack\crack skidrow\t6sp.exe] => (Block) D:\crack\crack skidrow\t6sp.exe
FirewallRules: [TCP Query User{5BD1A1B0-3C1D-4E1F-854A-1427F992813E}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
FirewallRules: [UDP Query User{5190F8B8-91FF-4D47-966E-8616C2D5CEC2}E:\call of duty - black ops 2\t6mp.exe] => (Allow) E:\call of duty - black ops 2\t6mp.exe
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BDCC07B0-928E-4489-9A2A-72FF3591CBB9}: [DhcpNameServer] 10.8.0.1
Hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67b2f140-28f0-11e4-82b9-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{67b2f140-28f0-11e4-82b9-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd2a5893-1aae-11e4-85c2-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{fd2a5893-1aae-11e4-85c2-806e6f6e6963} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found. 
HKU\S-1-5-21-3103837576-1966484345-1073920839-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
 
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:
 
Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
axswt2f7 => service not found.
gdrv => service removed successfully
VGPU => service removed successfully
"C:\Windows\System32\Drivers\axswt2f7.sys" => not found.
C:\Users\Mahisa\AppData\Local\Temp\drm_dialogs.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\drm_dyndata_7370014.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\mirc736.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\nvStereoApiI.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\QuickSupport.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s13g.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s16o.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s1us.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s2s0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s3v8.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s40c.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s4rs.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5fk.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s5t4.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s66o.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6p4.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s6s4.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7jk.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lg.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7lk.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7no.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7rc.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s7uc.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s84c.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s860.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8e0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8jg.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8r8.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s8uo.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9c8.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9gc.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9pg.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_s9r0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sa0s.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb2c.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sb98.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_sbic.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw32_spo.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s1ls.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s2vc.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3e0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s3lg.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s57g.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ac.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6c8.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6d0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s6ok.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s77k.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7eo.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7ro.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s7uo.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8b0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ic.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8oc.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8ro.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s8vo.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s91c.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s988.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9ac.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9co.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_s9m0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sa04.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sadk.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sae0.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_san8.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_saog.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sb14.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbbg.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\rldfw64_sbdo.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\SRLDetectionLibrary6110100364183381549.dll => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\TwitchDown.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\_is4F5C.exe => moved successfully
C:\Users\Mahisa\AppData\Local\Temp\{E36B1FD8-D2A2-4C8C-AA27-12944AAFB87A}.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F5464F8-9801-4607-8D43-9230DDDAD05F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5464F8-9801-4607-8D43-9230DDDAD05F}" => key removed successfully
C:\Windows\System32\Tasks\{5F0A474D-5860-46C4-9F43-A7F7F4566AC3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F0A474D-5860-46C4-9F43-A7F7F4566AC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F8D9540-C99C-4F48-9DDC-E1E0CD2BC270}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8D9540-C99C-4F48-9DDC-E1E0CD2BC270}" => key removed successfully
C:\Windows\System32\Tasks\{CC184604-3EDE-4B25-A62C-D2790DF3A127} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC184604-3EDE-4B25-A62C-D2790DF3A127}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E23AEC1A-B3E8-4FC2-A04C-50F6B9511103}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E23AEC1A-B3E8-4FC2-A04C-50F6B9511103}" => key removed successfully
C:\Windows\System32\Tasks\{974E0B6B-9E72-43D9-8C70-E71B148BEECF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{974E0B6B-9E72-43D9-8C70-E71B148BEECF}" => key removed successfully
C:\ProgramData\TEMP => ":05E9FFE5" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{22CDE263-EBB6-4786-A009-BC230297A69F}C:\windows\kmsemulator.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{93EEA5BD-0211-4F73-BB78-3D3AB7824BA0}C:\windows\kmsemulator.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B123AF40-608C-4056-A54A-4E783CEAEFD0}D:\crack\crack skidrow\t6mp.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DF3502EF-D471-4C47-84CC-1F9F45E0B40D}D:\crack\crack skidrow\t6mp.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3276FEC3-D541-4831-9BA7-F87FEC371313}D:\crack\crack skidrow\t6sp.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A5728639-94C8-4841-BDF6-6279607DB012}D:\crack\crack skidrow\t6sp.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5BD1A1B0-3C1D-4E1F-854A-1427F992813E}E:\call of duty - black ops 2\t6mp.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5190F8B8-91FF-4D47-966E-8616C2D5CEC2}E:\call of duty - black ops 2\t6mp.exe => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BDCC07B0-928E-4489-9A2A-72FF3591CBB9}\\DhcpNameServer => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-11-2016 21:02:39)
 
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move
 
==== End of Fixlog 21:02:42 ====
 
ComboFix 16-11-06.01 - Mahisa 10/11/2016  21:13:58.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16271.12936 [GMT 7:00]
Running from: c:\users\Mahisa\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mahisa\AppData\Roaming\Local
c:\users\Mahisa\AppData\Roaming\Local\Microsoft\Windows\GameExplorer\Fallout 3\GameuxInstallHelper.dll
c:\users\Mahisa\AppData\Roaming\Local\Microsoft\Windows\GameExplorer\GameuxInstallHelper.dll
c:\users\Mahisa\Desktop\Setup.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\IVTCredentialProvider.dll
c:\windows\SysWow64\DEBUG.log
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-10-10 to 2016-11-10  )))))))))))))))))))))))))))))))
.
.
2016-11-10 10:27 . 2016-11-10 10:27 -------- d-----w- c:\users\Mahisa\AppData\Local\gtk-2.0
2016-11-10 10:20 . 2016-11-10 10:27 -------- d-----w- c:\users\Mahisa\AppData\Roaming\HexChat
2016-11-10 10:20 . 2016-11-10 10:20 -------- d-----w- c:\program files\HexChat
2016-11-07 18:00 . 2016-11-07 18:00 -------- d-----w- c:\program files\Greenshot
2016-11-03 10:45 . 2016-11-10 14:02 -------- d-----w- C:\FRST
2016-10-26 09:17 . 2016-10-26 09:17 -------- d-----w- c:\users\Mahisa\AppData\Roaming\FiraxisLive
2016-10-22 15:25 . 2016-10-22 15:25 -------- d-----w- c:\users\Mahisa\AppData\Local\pip
2016-10-22 15:10 . 2016-10-22 15:10 -------- d-----w- c:\users\Mahisa\AppData\Local\Package Cache
2016-10-22 14:53 . 2016-10-22 14:53 -------- d-----w- c:\users\Mahisa\.idlerc
2016-10-21 19:34 . 2016-10-21 19:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2016-10-21 19:16 . 2016-10-21 19:16 -------- d-----w- c:\users\Mahisa\AppData\Roaming\TeamViewer
2016-10-21 19:03 . 2016-10-21 19:35 -------- d-----w- c:\programdata\HitmanPro
2016-10-21 17:47 . 2016-10-21 17:47 -------- d-----w- c:\programdata\Malwarebytes
2016-10-21 17:40 . 2016-10-21 17:42 -------- d-----w- C:\AdwCleaner
2016-10-21 13:11 . 2016-10-21 13:11 44952 ----a-w- c:\windows\system32\drivers\staport.sys
2016-10-21 13:10 . 2016-10-21 13:10 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-10-21 13:10 . 2016-10-21 13:10 53208 ----a-w- c:\windows\avastSS.scr
2016-10-19 14:48 . 2016-10-19 14:49 -------- d-----w- C:\devkitPro
2016-10-19 14:37 . 2016-10-19 14:40 -------- d-----w- C:\Python27
2016-10-14 19:44 . 2016-10-14 19:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.8508.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-21 13:11 . 2014-08-14 03:47 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-21 13:11 . 2014-08-14 03:47 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-10-21 13:11 . 2014-08-14 03:47 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-10-21 13:10 . 2014-08-14 03:47 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-10-21 13:10 . 2014-08-14 03:47 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-10-21 13:10 . 2014-08-14 03:47 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-10-21 13:10 . 2014-08-14 03:47 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-10-21 13:10 . 2014-08-14 03:46 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-10-21 13:10 . 2016-02-09 11:05 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-10-10 19:18 . 2016-09-16 20:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.8032.dll
2016-10-08 20:29 . 2016-10-08 20:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.5600.dll
2016-10-07 19:43 . 2016-10-07 19:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.976.dll
2016-10-01 22:53 . 2016-10-01 22:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.1832.dll
2016-09-30 21:07 . 2016-09-30 21:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.8220.dll
2016-09-29 20:29 . 2016-09-29 20:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.8656.dll
2016-09-25 21:35 . 2016-09-25 21:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.3300.dll
2016-09-19 20:44 . 2016-09-19 20:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.5616.dll
2016-08-29 20:49 . 2016-08-29 20:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.4532.dll
2016-08-27 21:56 . 2016-08-27 21:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.1268.dll
2016-08-20 19:36 . 2016-08-20 19:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.7972.dll
2016-08-19 21:51 . 2016-08-19 21:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.1644.dll
2016-08-16 20:42 . 2016-08-16 20:42 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AC63D36-7D7B-444F-A766-968ADED4D6D5}\offreg.7440.dll
2016-08-16 05:19 . 2016-08-24 00:42 54728 ----a-w- c:\windows\system32\nvhdap64.dll
2016-08-16 05:19 . 2016-08-24 00:42 223304 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2016-08-16 05:19 . 2014-08-27 04:54 1588688 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-07-21 10:27 564224 ----a-w- c:\users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-07-21 10:27 564224 ----a-w- c:\users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-07-21 10:27 564224 ----a-w- c:\users\Mahisa\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2014-02-20 1553688]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-08 9044392]
"Ad Muncher"="e:\ad muncher\AdMunch.exe" [2015-08-11 560760]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2015-10-10 3]
"BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2013-04-09 429304]
"zenvpn"="c:\program files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe" [2016-06-18 9643265]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-21 598552]
.
c:\users\Mahisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Borderless Gaming.lnk - e:\borderless gaming\BorderlessGaming.exe -silent -minimize [2015-3-5 209920]
MEGAsync.lnk - c:\users\Mahisa\AppData\Local\MEGAsync\MEGAsync.exe [2015-12-16 5128144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 se64a;EnTech softEngine;c:\windows\system32\drivers\se64a.sys;c:\windows\SYSNATIVE\drivers\se64a.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 dnscrypt-proxy;dnscrypt-proxy;c:\program files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe;c:\program files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S3 hhdusbh64;HHD Software USB Monitoring Filter Driver;c:\windows\system32\DRIVERS\hhdusbh64.sys;c:\windows\SYSNATIVE\DRIVERS\hhdusbh64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
S3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
S3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-26 20:49 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02 19:10]
.
2016-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-10-12 03:25 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-10-12 03:25 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-10-12 03:25 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-07-21 10:27 592384 ----a-w- c:\users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-07-21 10:27 592384 ----a-w- c:\users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-07-21 10:27 592384 ----a-w- c:\users\Mahisa\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-10-21 13:10 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-10-03 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-10-03 771056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-10-03 769520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-12 2787264]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-01-12 1860120]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2016-11-03 528384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 101.178.91.233:80
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.8.0.1
TCP: Interfaces\{2E0ABC64-7FEF-4ADE-B78A-138287F8BDF1}: DhcpNameServer = 192.168.42.129
TCP: Interfaces\{85973D73-BD36-4B44-AEDD-50A1501F9211}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C485BB98-D6F1-4E51-A937-FDC73E0C285F}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Grand Theft Auto V_is1 - e:\grand theft auto v\unins000.exe
AddRemove-R3Jhdml0eUdob3N0_is1 - e:\gravity ghost\unins000.exe
AddRemove-Steam App 221380 - e:\steam\steam.exe
AddRemove-Steam App 24240 - e:\steam\steam.exe
AddRemove-Steam App 391540 - e:\steam\steam.exe
AddRemove-Super Mario World: Dark Horizon - e:\super mario world dark horizon\Uninstal.exe
AddRemove-The Witcher 3 Wild Hunt_is1 - e:\the witcher 3 wild hunt\unins000.exe
AddRemove-{55055055-10AE-00BA-96F5-98DD6F3006AC}_is1 - e:\wolfenstein the new order\Uninstall\unins000.exe
AddRemove-{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1 - e:\grand theft auto iv - episodes from liberty city\Uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3103837576-1966484345-1073920839-1000_Classes\Wow6432Node\CLSID\{52231f7e-915a-49ce-81e6-6b0213db1683}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000129
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3103837576-1966484345-1073920839-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d7,f1,c3,7f,7b,c5,98,c1,87,7d,80,12,28,28,03,21,0a,10,b1,bc,72,
   c7,9b,16,98,06,54,6e,04,5c,04,7d,b0,2a,e9,b6,f7,39,50,1f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe
c:\program files (x86)\ZenVPN OpenVPN bundle\bin\openvpn.exe
c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2016-11-10  21:27:00 - machine was rebooted
ComboFix-quarantined-files.txt  2016-11-10 14:27
.
Pre-Run: 63.770.361.856 bytes free
Post-Run: 65.974.906.880 bytes free
.
- - End Of File - - 5BBCE0A8C43613FC23EB8FAF2F05E294
A36C5E4F47E84449FF07ED3517B43A31
 
My computer runs fine. There's still some suspicious cookies asking to be accepted though.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:43 AM

Posted 10 November 2016 - 09:39 AM

Thank you. Are they the below cookies and only with Chrome?
 

connectionstrenth.com and urlvalidation.com

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Ugoki

Ugoki
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 10 November 2016 - 10:05 AM

 

Thank you. Are they the below cookies and only with Chrome?
 

connectionstrenth.com and urlvalidation.com

 

 

 


Yeah, those.

 

Not sure. I only use Chrome.



#10 Oh My!


Posted 10 November 2016 - 10:15 AM

Thank you, please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#11 Ugoki


Posted 10 November 2016 - 11:00 AM

Oh bleep, I think it works.

 

Dunno which extension caused it.



#12 Oh My!


Posted 10 November 2016 - 12:51 PM

OK, please do this.

===================================================

Manually Troubleshooting Google Chrome Plug-ins and Extensions

--------------------
  • Launch Chrome normally
  • In the address bar type chrome://plugins and press Enter
  • Click Disable on all plugins
  • Enable one plugin at a time, restart Chrome and check the performance
  • In the address bar type chrome://extensions and press Enter
  • Uncheck any checked items
  • Enable one extension at a time, restart Chrome and check the performance
  • Identify and report any plugins or extensions causing problems
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#13 Ugoki


Posted 11 November 2016 - 01:17 AM

I think turning off some of my extensions worked. The cookies don't appear anymore.
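
Added example, not part of the original thread and not Chrome's or BleepingComputer's tooling: alongside the one-at-a-time isolation in post #12, this sketch reads each installed extension's manifest.json and ranks extensions by how much page access they request, which helps decide which ones to re-enable last. The sample extension names and IDs are constructed, and the Extensions folder named in the comment is the usual Chrome location on Windows, assumed rather than taken from this machine.

```python
import json
import tempfile
from pathlib import Path

# API permissions that let an extension watch or steer navigation, or touch cookies.
RISKY_API = {"tabs", "webRequest", "webRequestBlocking", "webNavigation", "cookies"}
# Match patterns that cover every site the browser visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Summarise what one extension manifest asks for."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    broad, risky = sorted(hosts & BROAD_HOSTS), sorted(perms & RISKY_API)
    return {"name": manifest.get("name", "?"), "broad_hosts": broad,
            "risky_api": risky, "score": 2 * bool(broad) + len(risky)}

def audit_profile(ext_root):
    """Read <ext_root>/<extension id>/<version>/manifest.json, broadest access first."""
    rows = []
    for mf in sorted(Path(ext_root).glob("*/*/manifest.json")):
        row = audit_manifest(json.loads(mf.read_text(encoding="utf-8-sig")))
        row["id"] = mf.parent.parent.name
        rows.append(row)
    return sorted(rows, key=lambda r: -r["score"])

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions, not the ones from this thread."""
    samples = {
        "a" * 32: {"name": "Sample Tab Helper", "manifest_version": 2,
                   "permissions": ["tabs", "cookies", "<all_urls>"],
                   "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]},
        "b" * 32: {"name": "Sample Notes", "manifest_version": 2,
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    # On Windows the real folder is normally (assumption for this machine):
    # %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_profile(build_sample_profile(tmp)):
            print(row["score"], row["id"], row["name"], row["broad_hosts"], row["risky_api"])
```

A high score only means broad access, not that the extension is malicious; many store names also appear as `__MSG_...__` placeholders, so match on the extension ID shown at chrome://extensions.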



#14 Oh My!


Posted 11 November 2016 - 10:10 AM

Very good, let's run these programs.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
    Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#15 Ugoki


Posted 11 November 2016 - 11:47 PM

C:\Program Files\NVIDIA Corporation\Installer2\installer.{9E7997F3-5EFE-45FD-9FEB-83B9E7E5E5FA}\progress.htm Win32/Ramnit.A virus cleaned
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
C:\Users\Mahisa\Desktop\downloads\Adobe Acrobat XI Pro 11.0.7 Multilanguage [ChingLiu]\patch MPT\adobe.acrobat.xi.pro.patch-MPT.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Users\Mahisa\Desktop\downloads\Adobe Photoshop CC 2014 (v15.2.2) x86-x64 RUS-ENG Update 2 by Monkrud -=TEAM OS=-{HKRG}\Adobe.Photoshop.CC.2014.u2.x86-x64.RU-EN.iso a variant of Win32/Keygen.HA potentially unsafe application deleted
C:\Users\Mahisa\Downloads\epm.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\Mahisa\Downloads\MESH-FTS.iso Win64/HackTool.Crack.D potentially unsafe application deleted
C:\Users\Mahisa\Downloads\PhotoScape_V3.6.2.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Mahisa\Downloads\PowerISO6-x64.zip a variant of Win32/DealPly.BX potentially unwanted application deleted
C:\Users\Mahisa\Downloads\Compressed\ChiiTrans.zip a variant of Win32/AGTH.A potentially unwanted application deleted
C:\Users\Mahisa\Downloads\Compressed\translation aggregator 0.4.9.r171.rar a variant of Win32/AGTH.A potentially unwanted application deleted
C:\Users\Mahisa\Downloads\Compressed\Translation Aggregator 0.4.9.r171_2.rar a variant of Win32/AGTH.A potentially unwanted application deleted
C:\Users\Mahisa\Downloads\Programs\DTLite4491-0356.exe Win32/DownWare.L potentially unwanted application deleted
C:\Users\Mahisa\Downloads\Programs\xray.exe a variant of Win32/InstallCore.ADX.gen potentially unwanted application cleaned by deleting
E:\BioShock Infinite\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
E:\ChiiTrans\agth\agth.dll a variant of Win32/AGTH.A potentially unwanted application cleaned by deleting
E:\Download\Wondershare Filmora Build 6.6.0-NEOSOFT.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
E:\Download\Adobe Acrobat Pro DC v2015.016.20045 Final\Crack\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application cleaned by deleting
E:\Download\Adobe Acrobat Pro DC v2015.016.20045 Final\Crack\xf-acrodc2015.exe a variant of Win32/Keygen.HA potentially unsafe application cleaned by deleting
E:\Download\Dragonball.Xenoverse.Bundle.Edition-PLAZA\plaza-dragonball.xenoverse.bundle.edition.iso a variant of Win32/HackTool.Crack.ES potentially unsafe application deleted
E:\Download\Sid.Meiers.Civilization.VI.Proper-RELOADED\rld-civ6.iso a variant of Win64/HackTool.Crack.H potentially unsafe application deleted (after the next restart)
E:\Essential Software\Microsoft Office 2010\Office 2010 Toolkit.rar a variant of MSIL/HackKMS.A potentially unsafe application deleted
E:\Middle-earth. Shadow of Mordor\x64\steam_api64.dll Win64/HackTool.Crack.D potentially unsafe application cleaned by deleting
E:\R.G. Catalyst\Dishonored - GOTY Edition\Binaries\Win32\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
E:\Translation Aggregator 0.4.9.r171\agth.dll a variant of Win32/AGTH.A potentially unwanted application cleaned by deleting
E:\Wolfenstein The Old Blood\Wolfenstein The Old Blood\steam_api64.dll a variant of Win64/HackTool.Crack.E potentially unsafe application cleaned by deleting
G:\Program Files\Cheat Engine 6.5.1\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
G:\Users\Mahisa\Downloads\BitlordSetup.exe a variant of Win32/InstallCore.AIV potentially unwanted application cleaned by deleting
G:\Users\Mahisa\Downloads\CheatEngine651.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
G:\Users\Mahisa\Downloads\windows.7.codec.pack.v4.1.6.setup.exe a variant of Win32/Spigot.B potentially unwanted application deleted
H:\Grand Theft Auto V\3dmgame.dll a variant of Win64/HackTool.Crack.C potentially unsafe application cleaned by deleting
H:\Grand Theft Auto V\steam_api64.dll Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
H:\Grand Theft Auto V\old crack\3dmgame.dll a variant of Win64/HackTool.Crack.C potentially unsafe application cleaned by deleting
H:\Sid Meiers Civilization VI\Base\Binaries\Win64Steam\steam_api64.dll a variant of Win64/HackTool.Crack.H potentially unsafe application cleaned by deleting
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 101  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Google Chrome (53.0.2785.143) 
 Google Chrome (54.0.2840.71) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 
 
My computer is running fine.
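
Added example, not part of the original thread and not an ESET tool: a small triage pass over an exported ESET.txt like the one above, separating entries the scanner labels virus or trojan from the potentially unsafe/unwanted ones and listing deletions that only complete after a restart. The regular expression and the platform prefixes it accepts are assumptions based on the lines in this post; the sample input is five lines taken from that log.

```python
import re
from collections import Counter

# Sample input: five lines copied from the ESET.txt pasted in post #15.
SAMPLE = r"""
C:\Program Files\NVIDIA Corporation\Installer2\installer.{9E7997F3-5EFE-45FD-9FEB-83B9E7E5E5FA}\progress.htm Win32/Ramnit.A virus cleaned
E:\R.G. Catalyst\Dishonored - GOTY Edition\Binaries\Win32\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
C:\Users\Mahisa\Downloads\epm.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\Mahisa\Downloads\PowerISO6-x64.zip a variant of Win32/DealPly.BX potentially unwanted application deleted
E:\Download\Sid.Meiers.Civilization.VI.Proper-RELOADED\rld-civ6.iso a variant of Win64/HackTool.Crack.H potentially unsafe application deleted (after the next restart)
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <category> <action>
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>(?:Win32|Win64|MSIL|BAT)/[\w.]+)\s+"
    r"(?P<category>virus|trojan|potentially unsafe application|"
    r"potentially unwanted application)\s+(?P<action>.+)$"
)

def parse(log_text):
    """Return one dict (path, name, category, action) per recognised log line."""
    matches = (LINE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(entries):
    """Group entries so the malware detections are not lost among the PUA noise."""
    return {
        "by_category": Counter(e["category"] for e in entries),
        "malware": [e for e in entries if e["category"] in ("virus", "trojan")],
        "needs_reboot": [e for e in entries if "restart" in e["action"]],
    }

if __name__ == "__main__":
    report = triage(parse(SAMPLE))
    for category, count in report["by_category"].most_common():
        print(f"{count:3d}  {category}")
    for e in report["malware"]:
        print("FOLLOW UP:", e["name"], "->", e["path"], f"({e['action']})")
    for e in report["needs_reboot"]:
        print("PENDING UNTIL RESTART:", e["path"])
```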




