Please help...my computer so so so so slow


  • This topic is locked
4 replies to this topic

#1 esa123

Posted 09 September 2017 - 02:06 AM

As the title ..

Please help me

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by robby (administrator) on DESKTOP-FD2QLSR (08-09-2017 23:58:52)
Running from C:\Users\robby\Desktop\gudang
Loaded Profiles: robby (Available Profiles: robby)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Subhra Das Gupta) C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-03-29] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-01] (AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Run: [XDM] => C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe [726016 2016-07-15] (Subhra Das Gupta)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{f2ee9873-0daf-41f4-af5b-265b1c65285d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f2ee9873-0daf-41f4-af5b-265b1c65285d}: [DhcpNameServer] 192.168.100.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4bfab2fe4c17214bdd&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITopQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFQ9ISk3vFJdJ6IXwVVdJmoWvFQ4JqYVNVQ4IWYUNVU9GqYVNUI3wGYGwVQ9ISoUwVQ9GqUNNos3wCIYwVA9Jmk4wVA4ICITvFI9J6ILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6oVvFI9JCoXvFRdJCIWvFE9I6IWNVU9JCk3wVxdJ6k3NVQ4JmISwVVdJmoXNVU9IaYVNVI9JaYVvFJdJ6oVvmpdJ6k4vmo4IWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVRdISk3vFE4JaYUvmldJCISNVQ4Jmk3NVU9I6oUwVQ3vCoWwVw3vmk4wVRdJmISvFRdISIVNVA3vCoWwVNdIGYWvmo4ICk3NoU9GqYYNVc3wCoUQGR7B6RoN9JcNaN9NGRaNqt8QGR7BHFaISopzU0aCaV6CaNcC78kBrFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJoYbyd%3D%3D&param2=NGB6NqB6MqpcNJ%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1648293088-511393296-4282967912-1001 -> DefaultScope {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1648293088-511393296-4282967912-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKU\S-1-5-21-1648293088-511393296-4282967912-1001 -> {A0760D9C-C837-487A-92F2-C251A28B4AAE} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4bfab2fe4c17214bdd&param1=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%3D%3D&param2=NGB6NqB6MqpcNJ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1648293088-511393296-4282967912-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-11] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://securedsearch.xyz/{searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR Profile: C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default [2017-09-08]
CHR Extension: (Google Slides) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-11]
CHR Extension: (Google Docs) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-11]
CHR Extension: (Google Drive) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-11]
CHR Extension: (YouTube) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-11]
CHR Extension: (Tampermonkey) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-20]
CHR Extension: (Avast Passwords) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-08-24]
CHR Extension: (Avast SafePrice) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-25]
CHR Extension: (Google Sheets) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-11]
CHR Extension: (EditThisCookie) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-08-23]
CHR Extension: (IndoXXI Companion) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmhbeannpfkiafgkfobkanlpaccfdki [2017-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-11]
CHR Extension: (Avast Online Security) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-22]
CHR Extension: (Secured Search) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic [2017-08-19]
CHR Extension: (Search Manager) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-25]
CHR Extension: (Yahoo Partner) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpedbdniajflhgfoipnjkednnlkngbj [2017-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Search Manager) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-09-08]
CHR Extension: (Gmail) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-06]
CHR Profile: C:\Users\robby\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-08]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1648293088-511393296-4282967912-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1648293088-511393296-4282967912-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1648293088-511393296-4282967912-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1648293088-511393296-4282967912-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-01] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [322976 2017-09-01] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-08-20] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-08-12] (EasyAntiCheat Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-03-29] (Intel Corporation)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [186544 2017-09-08] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [175560 2017-06-05] (Mozilla Foundation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-24] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0316410.inf_amd64_34efc9b338edba7b\atikmdag.sys [36572568 2017-07-28] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0316410.inf_amd64_34efc9b338edba7b\atikmpag.sys [529304 2017-07-28] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-01] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-01] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-01] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-01] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-01] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-01] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [555072 2017-09-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-01] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-01] (AVAST Software)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [557048 2017-07-18] (Intel Corporation)
R0 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-08-18] (Logitech Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2017-07-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [37344 2017-07-20] (Wellbia.com Co., Ltd.)
S3 xspirit; C:\Windows\xspirit.sys [22912 2017-07-20] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-08 23:58 - 2017-09-08 23:58 - 000000000 ____D C:\FRST
2017-09-08 23:49 - 2017-09-08 23:49 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-08 23:34 - 2017-09-08 23:34 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-08 23:34 - 2017-09-08 23:34 - 000000000 ____D C:\WINDOWS\pss
2017-09-08 23:30 - 2017-09-08 23:30 - 000000000 ____D C:\Users\robby\AppData\Local\ElevatedDiagnostics
2017-09-08 23:30 - 2017-09-08 23:30 - 000000000 ____D C:\MATS
2017-09-08 23:15 - 2017-09-08 23:18 - 000000000 ____D C:\ProgramData\SecTaskMan
2017-09-08 23:15 - 2017-09-08 23:15 - 000001187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-09-08 23:15 - 2017-09-08 23:15 - 000001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-09-08 23:15 - 2017-09-08 23:15 - 000001164 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-09-08 23:15 - 2017-09-08 23:15 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2017-09-08 23:05 - 2017-09-08 23:05 - 000000000 ____D C:\Users\robby\AppData\Local\Spoon
2017-09-08 23:03 - 2017-09-08 23:03 - 000000762 _____ C:\Users\robby\Desktop\JRT.txt
2017-09-08 23:00 - 2017-09-08 23:00 - 000000000 ____D C:\New Folder
2017-09-08 09:04 - 2017-09-08 09:04 - 000000000 ____D C:\Users\robby\AppData\LocalLow\Yandex
2017-09-08 08:24 - 2014-09-10 09:14 - 000163480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000660120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomct2.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000617896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000444328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MShflxgd.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000416408 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000279192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatgrd.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000259736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatlst.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000222360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000219288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000218776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dblist32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000212112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mci32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000179352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmask32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000131728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000127640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000119960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomm32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000108696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTKPRP.DLL
2017-09-08 08:24 - 2013-11-25 06:27 - 000104088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\picclp32.ocx
2017-09-08 08:24 - 2013-11-25 06:27 - 000084624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx
2017-09-08 08:24 - 2011-01-12 12:36 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2017-09-08 08:24 - 2011-01-12 12:25 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2017-09-08 08:24 - 2011-01-12 12:25 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2017-09-08 08:24 - 2011-01-12 12:19 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2017-09-08 08:24 - 2011-01-12 11:53 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2017-09-08 08:24 - 2008-04-15 05:00 - 001355776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm50.dll
2017-09-08 08:24 - 2007-02-01 09:13 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-09-08 08:24 - 2007-02-01 06:11 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-09-08 08:24 - 2007-01-30 09:04 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2017-09-08 08:24 - 2006-08-25 13:28 - 001017344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70u.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ita.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70fra.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70esp.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70deu.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70enu.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70kor.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70jpn.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70cht.dll
2017-09-08 08:24 - 2006-08-25 13:15 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70chs.dll
2017-09-08 08:24 - 2006-08-25 13:07 - 001024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2017-09-08 08:24 - 2006-08-25 12:17 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl70.dll
2017-09-08 08:24 - 2005-01-20 08:25 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvci70.dll
2017-09-08 08:24 - 2002-01-04 18:40 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP70.DLL
2017-09-08 08:24 - 1996-01-11 17:00 - 000935632 _____ (Microsoft Corporation) C:\WINDOWS\system\Vb40016.dll
2017-09-08 08:24 - 1996-01-11 17:00 - 000722192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Vb40032.dll
2017-09-08 08:24 - 1994-11-17 14:00 - 000210944 _____ C:\WINDOWS\SysWOW64\msvcrt10.dll
2017-09-08 08:24 - 1993-05-11 10:00 - 000398416 _____ (Microsoft Corporation) C:\WINDOWS\system\Vbrun300.dll
2017-09-08 08:24 - 1992-10-20 15:00 - 000356992 _____ (Microsoft Corporation) C:\WINDOWS\system\vbrun200.dll
2017-09-08 08:24 - 1991-05-09 16:00 - 000271264 _____ C:\WINDOWS\system\vbrun100.dll
2017-09-08 08:13 - 2017-09-08 08:13 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-09-08 08:05 - 2017-09-08 16:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-08 08:05 - 2017-09-08 08:05 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-08 08:05 - 2017-09-08 08:05 - 000001176 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-08 08:05 - 2017-09-08 08:05 - 000000000 ____D C:\Users\robby\AppData\Local\Yandex
2017-09-08 08:01 - 2017-09-08 09:04 - 000000000 ____D C:\Users\robby\AppData\Roaming\Yandex
2017-09-08 07:58 - 2017-09-08 08:24 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-09-08 07:58 - 2017-07-18 22:22 - 000099808 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstD.dll
2017-09-08 07:58 - 2017-07-18 22:22 - 000089568 _____ (Intel Corporation) C:\WINDOWS\system32\e1dmsg.dll
2017-09-08 07:01 - 2017-09-08 07:01 - 000000000 ____D C:\Program Files\7-Zip
2017-09-08 07:00 - 2017-09-08 07:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-09-08 06:16 - 2017-09-08 06:29 - 000000000 ____D C:\Users\robby\AppData\Roaming\GlarySoft
2017-09-08 06:15 - 2017-09-08 06:29 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2017-09-08 05:24 - 2017-09-08 23:21 - 000002022 _____ C:\Users\Public\Desktop\Driver Talent.lnk
2017-09-08 05:24 - 2017-09-08 23:21 - 000000000 ____D C:\ProgramData\DriverTalent
2017-09-08 05:24 - 2017-09-08 05:27 - 000000000 ____D C:\Users\robby\AppData\Roaming\DriverTalent
2017-09-08 05:24 - 2017-09-08 05:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2017-09-08 05:24 - 2017-09-08 05:24 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-09-08 04:55 - 2017-09-08 04:55 - 000000000 ____D C:\Users\robby\AppData\Roaming\DRPNPS
2017-09-08 04:53 - 2017-09-08 04:53 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-09-08 04:53 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-09-08 04:52 - 2017-07-28 18:11 - 000064088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-09-08 04:46 - 2017-09-08 04:46 - 000000000 ____D C:\Users\robby\My Drivers
2017-09-08 04:46 - 2017-05-12 13:12 - 000040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2017-09-08 04:45 - 2017-09-08 04:46 - 000000000 ____D C:\Users\robby\AppData\Local\Innovative Solutions
2017-09-08 04:45 - 2017-09-08 04:45 - 000000000 ____D C:\Users\robby\AppData\Roaming\Innovative Solutions
2017-09-08 04:45 - 2017-09-08 04:45 - 000000000 ____D C:\My Drivers
2017-09-08 04:25 - 2017-09-08 04:25 - 000000000 ____D C:\Users\robby\AppData\Local\Adobe
2017-09-08 04:25 - 2017-09-08 04:25 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-09-08 04:25 - 2017-09-08 04:25 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-09-08 04:25 - 2017-09-08 04:25 - 000000000 ____D C:\ProgramData\Adobe
2017-09-04 07:42 - 2017-09-04 07:42 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-09-03 00:33 - 2017-09-03 00:33 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-03 00:33 - 2017-09-03 00:33 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-03 00:33 - 2017-09-03 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-03 00:33 - 2017-09-03 00:33 - 000000000 ____D C:\Program Files\CCleaner
2017-09-03 00:14 - 2017-09-03 00:14 - 000003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-09-02 23:55 - 2017-09-02 23:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1648293088-511393296-4282967912-1001
2017-09-02 23:50 - 2017-09-08 16:33 - 000217024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-02 00:17 - 2017-09-02 00:17 - 000002011 _____ C:\Users\robby\Desktop\Welcome to ASUS Product Registration.lnk
2017-09-02 00:17 - 2017-09-02 00:17 - 000000000 ____D C:\ProgramData\APRP
2017-09-01 17:01 - 2017-09-01 17:01 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-08-31 18:22 - 2017-09-03 21:14 - 000000000 ____D C:\Users\robby\Desktop\baja ringan
2017-08-31 05:40 - 2017-08-31 05:40 - 000000000 ____D C:\Users\robby\AppData\Local\Logitech
2017-08-31 05:40 - 2017-08-31 05:40 - 000000000 ____D C:\ProgramData\LogiShrd
2017-08-31 05:38 - 2017-08-31 05:39 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-08-31 05:38 - 2017-08-31 05:38 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-08-31 05:38 - 2017-08-31 05:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-08-31 05:31 - 2017-08-31 05:31 - 000000000 ____D C:\Users\robby\AppData\Roaming\Logitech
2017-08-31 05:31 - 2017-08-31 05:31 - 000000000 ____D C:\Users\robby\AppData\Roaming\Logishrd
2017-08-25 17:19 - 2017-08-25 17:19 - 001186170 _____ C:\Users\robby\+.pdf
2017-08-24 23:10 - 2017-08-24 23:10 - 000000000 ____D C:\Users\robby\AppData\Roaming\EasyAntiCheat
2017-08-24 05:16 - 2017-07-25 19:30 - 000020790 _____ C:\WINDOWS\SysWOW64\ativvsnl.dat
2017-08-24 05:16 - 2017-07-25 19:30 - 000020790 _____ C:\WINDOWS\system32\ativvsnl.dat
2017-08-24 05:16 - 2017-07-25 19:30 - 000000025 _____ C:\WINDOWS\SysWOW64\ativvsny.dat
2017-08-24 05:16 - 2017-07-25 19:30 - 000000025 _____ C:\WINDOWS\system32\ativvsny.dat
2017-08-24 05:14 - 2017-07-28 05:30 - 000121240 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-08-24 05:14 - 2017-07-28 05:30 - 000112024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-08-24 05:14 - 2017-07-28 05:30 - 000078232 _____ C:\WINDOWS\system32\amdverag.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 003410840 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 003299824 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 002190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 001435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000877432 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000873464 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000852136 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000737968 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000604800 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-08-24 04:26 - 2017-08-02 21:21 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 003516992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 003099552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-08-24 04:26 - 2017-08-02 21:20 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000680552 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000445400 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000406456 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000366120 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000253864 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000190936 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000190936 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-08-24 04:26 - 2017-08-02 21:19 - 000179600 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 005347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 002444688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 000362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 000327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 000310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-08-24 04:26 - 2017-08-02 21:18 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-08-24 04:26 - 2017-08-02 21:17 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-08-24 04:26 - 2017-08-02 21:17 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-08-24 04:26 - 2017-08-02 21:17 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-08-24 04:26 - 2017-08-02 21:17 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-08-24 04:26 - 2017-08-02 21:17 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-08-24 04:26 - 2017-08-02 21:17 - 000258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 000154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 000118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-08-24 04:26 - 2017-08-02 21:16 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-08-24 04:26 - 2017-08-02 17:33 - 013079786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-08-20 01:13 - 2017-08-20 01:13 - 000000000 ____D C:\Users\robby\AppData\LocalLow\Smartly Dressed Games
2017-08-19 19:39 - 2017-08-20 08:01 - 000000000 ____D C:\Program Files (x86)\AIMP Classic
2017-08-19 07:47 - 2017-08-19 07:47 - 000000002 _____ C:\WINDOWS\SysWOW64\stub.json
2017-08-19 05:42 - 2017-08-21 04:29 - 000000000 ____D C:\Users\robby\AppData\Roaming\Opera Software
2017-08-19 05:42 - 2017-08-21 04:29 - 000000000 ____D C:\Users\robby\AppData\Local\Opera Software
2017-08-19 05:42 - 2017-08-19 05:43 - 000004210 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1503146560
2017-08-18 02:11 - 2017-08-18 02:11 - 000000000 ____D C:\Users\robby\AppData\Local\Blizzard Entertainment
2017-08-18 02:02 - 2017-08-18 02:02 - 000000000 ____D C:\ProgramData\Battle.net
2017-08-18 02:01 - 2017-08-18 02:01 - 001843480 _____ (Logitech, Inc.) C:\WINDOWS\system32\LkmdfCoInst.dll
2017-08-18 02:01 - 2017-08-18 02:01 - 000067736 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\LGJoyXlCore.sys
2017-08-18 02:01 - 2017-08-18 02:01 - 000064280 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\LGSHidFilt.Sys
2017-08-18 02:01 - 2017-08-18 02:01 - 000036496 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\LGBusEnum.sys
2017-08-18 02:01 - 2017-08-18 02:01 - 000026008 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\LGVirHid.sys
2017-08-17 08:34 - 2017-08-17 08:34 - 000000000 ____D C:\Users\robby\AppData\LocalLow\Temp
2017-08-17 00:57 - 2017-08-17 00:58 - 000000000 ____D C:\Users\robby\AppData\Local\chromium
2017-08-14 02:04 - 2017-09-08 23:58 - 000000000 ____D C:\Users\robby\Desktop\gudang
2017-08-14 02:01 - 2017-08-14 02:01 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-08-14 02:01 - 2017-08-14 02:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-08-14 02:01 - 2017-08-14 02:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2017-08-14 02:01 - 2017-08-14 02:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-14 01:59 - 2017-08-14 02:01 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-08-14 01:59 - 2017-08-14 02:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-14 01:59 - 2017-08-14 01:59 - 000000000 ____D C:\Users\robby\AppData\Local\Microsoft Help
2017-08-14 01:59 - 2017-08-14 01:59 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-14 01:59 - 2017-08-14 01:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2017-08-14 01:58 - 2017-08-14 01:58 - 000000000 __RHD C:\MSOCache
2017-08-14 01:52 - 2017-09-08 08:01 - 000000000 ____D C:\Users\robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-14 01:52 - 2017-09-08 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-14 01:52 - 2017-09-08 08:01 - 000000000 ____D C:\Program Files (x86)\WinRAR
2017-08-14 01:52 - 2017-08-14 01:52 - 000000000 ____D C:\Users\robby\AppData\Roaming\WinRAR
2017-08-14 01:28 - 2017-09-08 08:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-14 01:28 - 2017-08-23 04:00 - 000000000 ____D C:\Users\robby\AppData\LocalLow\Mozilla
2017-08-14 01:28 - 2017-08-14 01:33 - 000000000 ____D C:\Users\robby\AppData\Local\Thunderbird
2017-08-14 01:28 - 2017-08-14 01:28 - 000001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-08-14 01:28 - 2017-08-14 01:28 - 000001226 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-08-14 01:28 - 2017-08-14 01:28 - 000000000 ____D C:\Users\robby\AppData\Roaming\Thunderbird
2017-08-14 01:28 - 2017-08-14 01:28 - 000000000 ____D C:\Users\robby\AppData\Roaming\Mozilla
2017-08-14 01:28 - 2017-08-14 01:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-08-12 22:40 - 2017-08-12 22:40 - 000000000 ____D C:\Users\robby\AppData\LocalLow\Freejam
2017-08-12 19:02 - 2017-08-12 19:02 - 000000222 _____ C:\Users\robby\Desktop\Robocraft.url
2017-08-09 01:07 - 2017-08-09 01:07 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2017-08-09 01:07 - 2017-08-09 01:07 - 000001967 _____ C:\Users\Public\Desktop\Avast Premier.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-08 23:49 - 2017-06-11 08:22 - 000000000 ____D C:\Users\robby\AppData\Local\Google
2017-09-08 23:42 - 2017-07-24 18:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-08 23:41 - 2017-06-11 06:44 - 002061864 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-08 23:38 - 2017-07-24 18:36 - 000003258 _____ C:\WINDOWS\System32\Tasks\GPU Tweak II
2017-09-08 23:37 - 2017-07-24 18:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-08 23:37 - 2017-03-18 04:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-08 23:34 - 2017-07-24 18:32 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-08 23:04 - 2017-07-24 18:33 - 000000000 ____D C:\Users\robby
2017-09-08 23:03 - 2017-07-26 03:40 - 000000000 ____D C:\AdwCleaner
2017-09-08 22:57 - 2017-07-21 08:11 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-08 22:57 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-08 21:36 - 2017-07-21 21:43 - 000778792 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-08 16:33 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-08 16:31 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-08 09:03 - 2017-06-11 08:22 - 000000000 ____D C:\Program Files\Google
2017-09-08 09:03 - 2017-06-11 08:21 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-08 08:24 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\System
2017-09-08 08:13 - 2017-07-24 18:33 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-09-08 08:13 - 2017-07-24 18:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-09-08 06:47 - 2017-07-24 18:36 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-08 05:32 - 2017-06-11 09:20 - 000000000 ____D C:\AMD
2017-09-08 04:59 - 2017-06-11 07:47 - 000000000 ____D C:\Program Files\Intel
2017-09-08 04:25 - 2017-06-11 06:41 - 000000000 ____D C:\Users\robby\AppData\Roaming\Adobe
2017-09-07 17:00 - 2017-06-11 06:41 - 000000000 ____D C:\Users\robby\AppData\Local\Packages
2017-09-07 03:13 - 2017-07-25 23:54 - 000000000 ____D C:\ProgramData\{82024761-0840-CDA7-8E86-53E514C4D82B}
2017-09-07 01:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-06 00:01 - 2017-07-24 23:24 - 000001429 _____ C:\Users\robby\Desktop\Roblox Player.lnk
2017-09-06 00:01 - 2017-07-24 23:23 - 000001244 _____ C:\Users\robby\Desktop\Roblox Studio.lnk
2017-09-06 00:01 - 2017-07-24 23:23 - 000000000 ____D C:\Users\robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-09-05 16:21 - 2017-06-11 08:22 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-05 16:21 - 2017-06-11 08:22 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-03 05:38 - 2017-07-20 22:15 - 000000000 ____D C:\Users\robby\AppData\Roaming\.minecraft
2017-09-03 00:34 - 2017-07-21 17:03 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-03 00:34 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-03 00:13 - 2016-04-26 23:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-03 00:08 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-01 21:36 - 2017-06-11 09:01 - 000022280 _____ (ASRock Incorporation) C:\WINDOWS\SysWOW64\Drivers\AsrAutoChkUpdDrv.sys
2017-09-01 17:01 - 2017-07-24 18:36 - 000004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1500609569
2017-09-01 17:01 - 2017-07-20 21:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-01 17:01 - 2017-07-20 20:59 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-09-01 17:01 - 2017-07-20 20:58 - 000555072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-09-01 17:01 - 2017-07-20 20:58 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-01 17:01 - 2017-07-20 20:50 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-08-31 02:54 - 2017-07-25 23:54 - 000000000 ____D C:\Users\robby\AppData\Local\UpdateTask
2017-08-29 05:54 - 2017-07-25 23:55 - 000000371 _____ C:\Users\robby\AppData\Roaming\WB.CFG
2017-08-20 08:12 - 2017-07-21 08:29 - 000000000 ____D C:\Users\robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-19 19:39 - 2017-06-11 06:41 - 000000000 ____D C:\Users\robby\AppData\Local\VirtualStore
2017-08-19 06:43 - 2017-07-26 00:59 - 000000000 ____D C:\Users\robby\AppData\Local\{013E3762-2596-5BDA-480E-7E326C6682AA}
2017-08-19 05:41 - 2017-07-25 23:54 - 000000000 ____D C:\Users\robby\AppData\Local\{EB40DD1C-CFE8-B1A4-A270-944C861868D4}
2017-08-18 02:52 - 2017-07-25 00:51 - 000000000 ____D C:\Users\robby\Documents\ROBLOX
2017-08-17 00:58 - 2017-07-25 23:56 - 000002334 _____ C:\Users\robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-08-17 00:55 - 2017-07-20 07:31 - 000000492 __RSH C:\ProgramData\ntuser.pol
2017-08-14 02:01 - 2017-08-03 03:55 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-14 02:00 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-14 01:59 - 2015-10-30 00:24 - 000000167 _____ C:\WINDOWS\win.ini
2017-08-12 19:02 - 2017-07-21 21:43 - 000383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-08-11 00:32 - 2017-07-24 23:23 - 000000000 ____D C:\Users\robby\AppData\Local\Roblox
2017-08-10 19:49 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2017-07-25 23:55 - 2017-08-29 05:54 - 000000371 _____ () C:\Users\robby\AppData\Roaming\WB.CFG
2017-07-24 18:33 - 2017-07-24 18:33 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-05 20:29
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by robby (08-09-2017 23:59:18)
Running from C:\Users\robby\Desktop\gudang
Windows 10 Pro Version 1703 (X64) (2017-07-25 01:38:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1648293088-511393296-4282967912-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1648293088-511393296-4282967912-503 - Limited - Disabled)
Guest (S-1-5-21-1648293088-511393296-4282967912-501 - Limited - Disabled)
robby (S-1-5-21-1648293088-511393296-4282967912-1001 - Administrator - Enabled) => C:\Users\robby
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
APP Shop v1.0.26 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.26 - ASRock Inc.)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
ASRock Restart to UEFI v1.0.5 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: 1.0.5 - )
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.1 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Dirty Bomb (HKLM\...\Steam App 333930) (Version:  - Splash Damage®)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Network Connections 21.1.29.0 (HKLM\...\PROSetDX) (Version: 21.1.29.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.5.0.1051 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.0.1.121 - Intel Corporation)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 55.0.3 (x86 ru) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 ru)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)
Roblox Player for robby (HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for robby (HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Xtreme Download Manager (HKLM-x32\...\{544D8CA9-4267-4F3E-A25D-1F20A7677955}) (Version: 6.0.0 - Subhra Das Gupta)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-01] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-01] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-01] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-01] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {176B2944-E4A9-4555-AA23-D9D411D77386} - System32\Tasks\SafeZone scheduled Autoupdate 1500609569 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {1C38B8A1-BDE9-4F0A-919B-DEF3AB665B6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-11] (Google Inc.)
Task: {20804227-3198-4D17-BC77-905833CB3A26} - System32\Tasks\S-1-5-21-1648293088-511393296-4282967912-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {27DFFD6F-1D05-4F30-97D6-F4A34BD07CFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {3BB0F57F-3EE2-481C-A133-A6BDC1FB4109} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-01] (AVAST Software)
Task: {66447095-8495-4721-985B-F38EBAC506B3} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {7495945F-0588-4B62-8D4F-EC577E8BDB46} - System32\Tasks\Opera scheduled Autoupdate 1503146560 => C:\Users\robby\AppData\Local\Programs\Opera\launcher.exe
Task: {AAFD4C17-AE1C-472B-B3DB-A222607C38DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-11] (Google Inc.)
Task: {B4F16BD2-6721-436E-8B18-375F31F669BD} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-07-19] (TODO: <Company name>)
Task: {C2F91514-1020-4A91-9959-4C4799942F26} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-24 16:44 - 2016-08-24 16:44 - 000282168 ____R () C:\Program Files\Intel\NCS2\Agent\AdapterAgnt.DLL
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-07-20 09:05 - 2017-07-20 09:06 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-25 16:08 - 2017-08-25 16:08 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-08-25 16:08 - 2017-08-25 16:08 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-01 17:01 - 2017-09-01 17:01 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-05 16:21 - 2017-09-04 01:12 - 002692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\swiftshader\libglesv2.dll
2017-09-05 16:21 - 2017-09-04 01:12 - 000138584 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\swiftshader\libegl.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000186544 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000263344 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-09-08 05:24 - 2017-09-08 05:23 - 000169648 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000172208 _____ () c:\program files (x86)\ostotosoft\drivertalent\DtlPlug.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000111280 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000123568 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-07-18 17:22 - 2016-07-18 17:22 - 000061440 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll
2016-07-13 10:46 - 2016-07-13 10:46 - 001746944 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 00:24 - 2017-08-20 07:52 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DriverPack Notifier"
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{11DDBB58-3201-4D6A-B0D4-DDCE4CF17054}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{20FFD1FE-407E-4334-B1BA-4E97740640B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{E2F8BBE1-B75B-4B0F-AF07-67660502AED4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6FAE127D-A5A0-466C-BD6A-E3FF7D239B14}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EE891AE8-549D-47A1-97BE-9B8D9E7FA5FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A98B793-7DC6-4BD4-A7AF-A473B136A232}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CBD5A7E1-82A3-4EDA-99E7-27D39A61E62E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{B02AFAD4-957F-411C-806C-720D8DF6EAC7}] => (Allow) C:\Users\robby\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{B74D1930-A241-4A81-85BE-8909B176ABE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{756495F9-3402-4D48-873F-AEFEAA4DBCD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{8A0605C3-BD10-4D46-AA29-5A680ECEBAF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{441079E5-7002-4AAB-8BD1-E122A1E8657B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{845F05C4-F42C-4793-B5B5-EF9E1B6BB8EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{443E0E73-3D7E-4E2F-AA76-AB4F33B4754F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{18653134-2B50-429F-B72D-B3F81A2CCB16}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{E9552AEF-30F4-48FD-B0A5-7D8EB8C3609E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9C3339CE-401D-4BB0-AB0B-EDCF27296339}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{1D6B2E5F-2705-41FF-8235-B0B73E1E34E5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{0727ECA5-1AB6-4FFD-9BEF-57342164342C}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{8E17EFC1-F324-408C-9092-6488F786355F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55F73CDB-4741-440A-935B-38A7DC29F001}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
08-09-2017 04:50:19 DMX_DriverMax Driver Installation
08-09-2017 23:01:45 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2017 11:52:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0xa38
Faulting application start time: 0x01d329383a6579b9
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 30c4df93-278a-48a9-bf17-0857ccbdd07a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:52:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0x11c0
Faulting application start time: 0x01d3293835d9c35b
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 0e4ac58b-c84a-401a-8faa-e469d4e34fea
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:52:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0x1cac
Faulting application start time: 0x01d329382da6230a
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: b20099c9-1654-4a7c-b22b-bedfdd0aed21
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0x1dbc
Faulting application start time: 0x01d3293828157920
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 5e18bdc4-e860-47eb-8727-eb8e35548d41
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0x1e34
Faulting application start time: 0x01d329381b85f8ec
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: bd73f2a5-ef47-4702-820d-1d7871df358c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0xf80
Faulting application start time: 0x01d32937c281af3b
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 7b899c74-78de-42b1-b469-cad1819b460d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:49:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0009264e
Faulting process id: 0x1eb8
Faulting application start time: 0x01d32937bc87849e
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 019cb6bc-2a58-4df9-adda-2e15d18900b6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 11:33:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD2QLSR)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927139 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/08/2017 11:33:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD2QLSR)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927139 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/08/2017 11:33:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD2QLSR)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927139 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (09/08/2017 11:37:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/08/2017 11:37:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/08/2017 11:37:10 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/08/2017 11:36:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/08/2017 11:36:42 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/08/2017 11:36:39 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (09/08/2017 11:36:39 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Error: (09/08/2017 11:36:29 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/08/2017 11:36:22 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/08/2017 11:36:16 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FD2QLSR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-09-08 06:16:45.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-08 04:28:20.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-07 18:36:56.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-07 01:44:14.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-07 01:44:11.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-06 20:09:30.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-06 06:17:26.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-02 05:37:10.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-01 17:21:56.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-29 18:11:08.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G4560 @ 3.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8156.58 MB
Available physical RAM: 6157.76 MB
Total Virtual: 14556.58 MB
Available Virtual: 12077.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.24 GB) (Free:51.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 



 


#2 garioch7


    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 10 September 2017 - 11:40 AM

esa123:

 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
On looking initially at your logs, I am wondering if the programs installed on the computer are also running slow; or if it is only really noticeable when you are using a browser and/or playing online games?
 
I ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

 


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7


Posted 10 September 2017 - 01:28 PM

esa123:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: The FRST logs reveal that you have Avast SafePrice Google Chrome extension installed. Please see this link for more information. I would recommend that you disable and remove this extension. It is your decision. Please let me know what you decide to do.

.

Step 2: The logs show the following Google Chrome extension installed on your computer:
 

CHR Extension: (IndoXXI Companion) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmhbeannpfkiafgkfobkanlpaccfdki [2017-08-17]

I am not familiar with that Chrome extension. If you did not knowingly install it, you should disable/remove it. Please let me know what you decide to do.

.

Step 3: The logs also show some additional, possible AVG/Avast Chrome extensions:
 

CHR Extension: (Secured Search) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic [2017-08-19]
CHR Extension: (Search Manager) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-25]
CHR Extension: (Search Manager) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-09-08]

Unless you have knowingly installed and activated those extensions, I would recommend disabling/removing them. Let me know what you decide to do. Please see this link for more information about the Search Manager extension.

.

Step 4: Please run a FRST fix for me.

IMPORTANT: I am noticing remnants of Driver Talent (OSTotoSoft) on your computer. It does not appear as an installed program on your computer, so I am going to remove those remnants. If you don't want them to be removed, then please delete all of the lines in the FRST "fixlist" script that have either name in the line; or, don't execute the script and I will prepare an amended script for you to run. Bleeping Computer does not recommend the use of driver updaters. Please see this link for more information.


NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4bfab2fe4c17214bdd&param1=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%3D%3D&param2=NGB6NqB6MqpcNJ%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_adsafld_17_33_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtA0ByCyByB0D0ByD0E0AtN0D0Tzu0StBtDyDyBtN1L2XzutAtFtBzytFtCtDyEtFyCyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0A0FyDtDtB0AzztGyDyCtByBtG0BzytDyDtGtA0E0E0CtGtBtBtBtDtCtCtAzyyC0C0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DzzyEyC0Ezz0AtG0ByBzz0AtGyEtBzyyCtGzzzytB0BtGyB0DtD0FzyyCtC0E0CzyyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzzyCyC%26cr%3D707681373%26a%3Dwbf_adsafld_17_33_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1648293088-511393296-4282967912-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKU\S-1-5-21-1648293088-511393296-4282967912-1001 -> {A0760D9C-C837-487A-92F2-C251A28B4AAE} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4bfab2fe4c17214bdd&param1=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%3D%3D&param2=NGB6NqB6MqpcNJ%3D%3D&p={searchTerms}
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Yahoo Partner) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpedbdniajflhgfoipnjkednnlkngbj [2017-07-20]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx
2017-09-08 05:24 - 2017-09-08 23:21 - 000002022 _____ C:\Users\Public\Desktop\Driver Talent.lnk
2017-09-08 05:24 - 2017-09-08 23:21 - 000000000 ____D C:\ProgramData\DriverTalent
2017-09-08 05:24 - 2017-09-08 05:27 - 000000000 ____D C:\Users\robby\AppData\Roaming\DriverTalent
2017-09-08 05:24 - 2017-09-08 05:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2017-09-08 05:24 - 2017-09-08 05:24 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
VirusTotal: C:\WINDOWS\system32\amdverag.dll
2017-08-17 00:57 - 2017-08-17 00:58 - 000000000 ____D C:\Users\robby\AppData\Local\chromium
2017-08-29 05:54 - 2017-07-25 23:55 - 000000371 _____ C:\Users\robby\AppData\Roaming\WB.CFG
2017-08-17 00:58 - 2017-07-25 23:56 - 000002334 _____ C:\Users\robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-09-08 05:24 - 2017-09-08 05:24 - 000263344 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-09-08 05:24 - 2017-09-08 05:23 - 000169648 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000172208 _____ () c:\program files (x86)\ostotosoft\drivertalent\DtlPlug.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000111280 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-09-08 05:24 - 2017-09-08 05:24 - 000123568 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
HKU\S-1-5-21-1648293088-511393296-4282967912-1001\...\StartupApproved\Run: => "Chromium"
FirewallRules: [{B02AFAD4-957F-411C-806C-720D8DF6EAC7}] => (Allow) C:\Users\robby\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{9C3339CE-401D-4BB0-AB0B-EDCF27296339}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{1D6B2E5F-2705-41FF-8235-B0B73E1E34E5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{0727ECA5-1AB6-4FFD-9BEF-57342164342C}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
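
The extension review in the post above can be repeated on any FRST log by cross-referencing the per-profile "CHR Extension:" lines with the "CHR HKLM\...\Chrome\Extension:" registry lines. The following is an added example, not part of the original post and not FRST's own code; it assumes the two line formats exactly as they appear in this thread, and the sample lines are copied from it.

```python
import re

# Sample lines copied from the FRST log and fixlist quoted in this thread.
FRST_LINES = r"""
CHR Extension: (IndoXXI Companion) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmhbeannpfkiafgkfobkanlpaccfdki [2017-08-17]
CHR Extension: (Search Manager) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-25]
CHR Extension: (Yahoo Partner) - C:\Users\robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpedbdniajflhgfoipnjkednnlkngbj [2017-07-20]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
""".strip().splitlines()

# Chrome extension IDs are 32 characters drawn from the letters a-p.
PROFILE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+?)\) - .*\\(?P<id>[a-p]{32}) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\]$")
REGISTRY_RE = re.compile(
    r"^CHR (?P<hive>[^\\]+)\\\.\.\.\\Chrome\\Extension: "
    r"\[(?P<id>[a-p]{32})\] - (?P<url>\S+)$")


def inventory(lines):
    """Merge profile-folder and registry entries into one record per ID."""
    records = {}
    for line in lines:
        line = line.strip()
        for pattern in (PROFILE_RE, REGISTRY_RE):
            m = pattern.match(line)
            if not m:
                continue
            rec = records.setdefault(
                m["id"], {"name": None, "date": None, "hives": set()})
            if pattern is PROFILE_RE:
                rec["name"], rec["date"] = m["name"], m["date"]
            else:
                rec["hives"].add(m["hive"])
    return records


def classify(rec):
    """Say where the log saw the extension: profile folder, registry, or both."""
    if rec["name"] and rec["hives"]:
        return "profile+registry"
    return "profile-only" if rec["name"] else "registry-only"


def report(lines):
    """Return (id, name, date, hives, status) rows sorted by extension ID."""
    return [(ext_id, rec["name"] or "?", rec["date"] or "?",
             ",".join(sorted(rec["hives"])) or "-", classify(rec))
            for ext_id, rec in sorted(inventory(lines).items())]


if __name__ == "__main__":
    for row in report(FRST_LINES):
        print("  ".join(row))
```

Entries that also appear under a machine-wide registry hive were registered outside the user's profile, so they are the ones to ask the user about first; unrelated lines such as the "FF Plugin" entry are ignored.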


#4 garioch7


Posted 13 September 2017 - 05:10 AM

esa123:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#5 garioch7


Posted 15 September 2017 - 12:11 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the Bleeping Computer Malware Removal Study Hall




