Infected with svchost.exe virus and adware that keeps closing browser.


4 replies to this topic

#1 Milo_Airbatu


Posted 10 April 2018 - 12:05 PM

The problem I'm facing is a svchost.exe virus and adware that keeps closing my browser.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Kiro (administrator) on ACER (11-04-2018 00:43:27)
Running from C:\Users\Khairul\Downloads
Loaded Profiles: Kiro (Available Profiles: Kiro)
Platform: Windows 10 Home Single Language Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\My WIFI Router\bmser.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Akamai Technologies, Inc.) C:\Users\Khairul\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Khairul\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Khairul\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Garena Online ) C:\Program Files (x86)\Garena\Garena\Garena.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [WTClient] => C:\Windows\system32\WTClient.exe [32768 2009-10-30] (Tablet Driver)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2015-01-28] (Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [706392 2017-12-19] (Autodesk, Inc.)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1456984 2018-03-20] (Google Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18249472 2014-05-02] (Acer Incorporated)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Khairul\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [uTorrent] => C:\Users\Khairul\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [Spotify] => C:\Users\Khairul\AppData\Roaming\Spotify\Spotify.exe [21325200 2018-03-09] (Spotify Ltd)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [Spotify Web Helper] => C:\Users\Khairul\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-03-09] (Spotify Ltd)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-23] (SUPERAntiSpyware)
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\MountPoints2: {c88a3fef-7691-11e7-83d4-201a066f7d61} - "D:\Setup.exe" /s
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\MountPoints2: {c88a3ffa-7691-11e7-83d4-201a066f7d61} - "D:\Setup.exe" /s
Startup: C:\Users\Khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-11-03]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Khairul\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2017-01-29] ()
BootExecute: autocheck autochk * bootdeletebootdelete
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{58bf9778-bf06-4d18-bf81-c2a6d2b3d1f5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6c9c85f0-1b0a-47e1-9458-971621fd0e2f}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131236112796904313&GUID=6958BD47-4575-4E21-AADE-EC09E5D3EAE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {16C15BB2-B851-48D9-8D13-A1A77154B8E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {16C15BB2-B851-48D9-8D13-A1A77154B8E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {16C15BB2-B851-48D9-8D13-A1A77154B8E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://malaysia.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001 -> {16C15BB2-B851-48D9-8D13-A1A77154B8E0} URL =
SearchScopes: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6gvmsol8.default-1455268647763-1521992077061
FF ProfilePath: C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061 [2018-04-11]
FF user.js: detected! => C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061\user.js [2017-06-30]
FF Extension: (System Table) - C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061\Extensions\383882@modext.tech.xpi [2018-02-22]
FF Extension: (AdBlock) - C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-04-08]
FF Extension: (Quick Searcher) - C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-04-08]
FF Extension: (Adblock Plus) - C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-03-25]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Profiles\6gvmsol8.default-1455268647763-1521992077061\features\{99326945-aedf-446d-944e-d7931cef3c38}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-04-10]

Chrome:
=======
CHR Profile: C:\Users\Khairul\AppData\Local\Google\Chrome\User Data\Default [2018-04-10]
CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1364904 2017-12-19] (Autodesk Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2800896 2014-05-02] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-04-26] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2016-07-19] (Reprise Software Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-17] (TODO: <Company name>) [File not signed]
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe [319296 2018-03-20] (Garena Online )
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-04-09] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-29] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [220712 2013-07-09] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\My WIFI Router\bmser.exe [1656416 2014-04-23] ()
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
S2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-10-31] (Tablet Driver) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [742864 2016-03-22] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-11] ()
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-09] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R1 MpKsl23cf013a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA158B55-ABCC-4E86-A674-35FEA3CCC564}\MpKsl23cf013a.sys [58120 2018-04-10] (Microsoft Corporation)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 tapSF0901; C:\WINDOWS\System32\drivers\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [102864 2016-03-03] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-04-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-02-25 06:26 - 27142-02-25 06:26 - 000174592 ____N (Microsoft Corporation) C:\Program Files (x86)\JHKuYG.exe
2099-02-25 06:26 - 27142-02-25 06:26 - 000059904 ____N (Microsoft Corporation) C:\Users\Khairul\AppData\Local\YDJIm.exe
2099-02-25 06:26 - 27142-02-25 06:26 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\bBMyOYUoii.exe
2018-04-11 00:43 - 2018-04-11 00:44 - 000027105 _____ C:\Users\Khairul\Downloads\FRST.txt
2018-04-11 00:42 - 2018-04-11 00:43 - 000000000 ____D C:\FRST
2018-04-11 00:41 - 2018-04-11 00:41 - 002403328 _____ (Farbar) C:\Users\Khairul\Downloads\FRST64.exe
2018-04-11 00:36 - 2018-04-11 00:36 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-04-11 00:36 - 2018-04-11 00:36 - 000000348 _____ C:\WINDOWS\system32\bootdelete.lst
2018-04-10 23:18 - 2018-04-10 23:18 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-10 23:18 - 2018-04-10 23:18 - 000002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-10 23:17 - 2018-04-10 23:17 - 000001853 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-04-10 23:17 - 2018-04-10 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-04-10 23:17 - 2018-04-10 23:17 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-10 23:04 - 2018-04-10 23:08 - 000860994 _____ C:\TDSSKiller.3.1.0.16_10.04.2018_23.04.14_log.txt
2018-04-10 23:01 - 2018-04-10 23:02 - 000260474 _____ C:\TDSSKiller.3.1.0.16_10.04.2018_23.01.04_log.txt
2018-04-10 13:53 - 2018-04-11 00:20 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-04-10 13:49 - 2018-04-10 13:52 - 000262412 _____ C:\TDSSKiller.3.1.0.16_10.04.2018_13.49.15_log.txt
2018-04-10 01:07 - 2018-04-11 00:43 - 000276718 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-10 01:07 - 2018-04-11 00:42 - 000067963 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-10 01:07 - 2018-04-10 01:07 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-04-10 01:07 - 2018-04-10 01:07 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-04-10 01:07 - 2018-04-10 01:07 - 000001225 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-04-10 01:07 - 2018-04-10 01:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-04-10 01:06 - 2018-04-10 01:07 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-04-10 01:06 - 2018-04-10 01:06 - 006625600 _____ (Zemana Ltd. ) C:\Users\Khairul\Downloads\Zemana.AntiMalware.Setup.exe
2018-04-10 01:06 - 2018-04-10 01:06 - 000000000 ____D C:\Users\Khairul\AppData\Local\Zemana
2018-04-10 00:42 - 2018-04-10 00:47 - 000930314 _____ C:\TDSSKiller.3.1.0.16_10.04.2018_00.42.26_log.txt
2018-04-10 00:40 - 2018-04-10 00:40 - 000006652 _____ C:\TDSSKiller.3.1.0.16_10.04.2018_00.40.04_log.txt
2018-04-10 00:31 - 2018-04-10 00:50 - 000000000 ____D C:\AdwCleaner
2018-04-10 00:31 - 2018-04-10 00:31 - 008222496 _____ (Malwarebytes) C:\Users\Khairul\Downloads\adwcleaner_7.0.8.0.exe
2018-04-09 23:47 - 2018-04-09 23:47 - 000016834 _____ C:\WINDOWS\system32\.crusader
2018-04-09 23:26 - 2018-04-09 23:26 - 000001970 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-04-09 23:26 - 2018-04-09 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-04-09 23:25 - 2018-04-09 23:48 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-09 23:25 - 2018-04-09 23:26 - 000000000 ____D C:\Program Files\HitmanPro
2018-04-09 23:24 - 2018-04-09 23:24 - 011605440 _____ (SurfRight B.V.) C:\Users\Khairul\Downloads\hitmanpro_x64.exe
2018-04-09 23:10 - 2018-04-09 23:12 - 001202576 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_23.10.04_log.txt
2018-04-09 22:58 - 2018-04-09 23:00 - 000006520 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_22.58.10_log.txt
2018-04-09 22:44 - 2018-04-09 22:56 - 002517280 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_22.44.08_log.txt
2018-04-09 22:32 - 2018-04-09 22:36 - 001013582 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_22.32.42_log.txt
2018-04-09 22:30 - 2018-04-09 22:55 - 000000000 ____D C:\TDSSKiller_Quarantine
2018-04-09 22:29 - 2018-04-09 22:31 - 000261916 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_22.29.15_log.txt
2018-04-09 22:28 - 2018-04-09 22:28 - 000000562 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_22.28.37_log.txt
2018-04-09 22:16 - 2018-04-09 22:16 - 000000022 _____ C:\Users\Khairul\Downloads\ESETPoweliksCleaner.exe_20180409.221616.288.zip
2018-04-09 21:49 - 2018-04-09 21:49 - 000001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2018-04-09 21:49 - 2018-04-09 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-04-09 21:49 - 2018-04-09 21:49 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-09 21:49 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-09 21:49 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-04-09 21:49 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-09 21:40 - 2018-04-09 21:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-09 21:40 - 2018-04-09 21:40 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-09 21:40 - 2018-04-09 21:40 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-09 21:40 - 2018-04-09 21:40 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-09 21:40 - 2018-04-09 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-09 21:40 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-09 21:12 - 2018-04-09 21:14 - 000258490 _____ C:\TDSSKiller.3.1.0.16_09.04.2018_21.12.29_log.txt
2018-04-09 21:11 - 2018-04-09 21:12 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Khairul\Downloads\tdsskiller.exe
2018-04-09 20:42 - 2018-04-09 20:42 - 000000106 _____ C:\Users\Khairul\Desktop\note.txt
2018-04-09 19:10 - 2018-04-09 20:44 - 000000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 888c3ba3-9631-4057-864a-fa5101c8bcb5.job
2018-04-09 19:10 - 2018-04-09 20:43 - 000000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 40eb7fcf-52d6-4a53-9db3-f298e02eeb14.job
2018-04-09 19:10 - 2018-04-09 19:10 - 000003734 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 40eb7fcf-52d6-4a53-9db3-f298e02eeb14
2018-04-09 19:10 - 2018-04-09 19:10 - 000003652 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 888c3ba3-9631-4057-864a-fa5101c8bcb5
2018-04-09 19:09 - 2018-04-09 19:09 - 032725960 _____ (SUPERAntiSpyware) C:\Users\Khairul\Downloads\SUPERAntiSpyware.exe
2018-04-09 19:09 - 2018-04-09 19:09 - 000000000 ____D C:\Users\Khairul\AppData\Roaming\SUPERAntiSpyware.com
2018-04-09 19:09 - 2018-04-09 19:09 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-04-09 19:04 - 2018-04-09 19:04 - 000235882 _____ C:\Users\Khairul\Downloads\chameleon.chm
2018-04-09 18:57 - 2018-04-09 18:57 - 006705178 _____ C:\Users\Khairul\Desktop\mbam-chameleon-3.1.33.0.zip
2018-04-09 18:57 - 2016-05-14 06:52 - 000000000 ____D C:\Users\Khairul\Desktop\mbam-chameleon-3.1.33.0
2018-04-09 18:38 - 2018-04-09 18:38 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Khairul\Downloads\rkill64.com
2018-04-09 18:37 - 2018-04-09 18:37 - 000000022 _____ C:\Users\Khairul\Downloads\ESETPoweliksCleaner.exe_20180409.183701.11148.zip
2018-04-09 18:25 - 2018-04-09 18:26 - 072594032 _____ (Malwarebytes ) C:\Users\Khairul\Downloads\stuff.exe
2018-04-09 18:18 - 2018-04-09 18:18 - 000000022 _____ C:\Users\Khairul\Downloads\ESETPoweliksCleaner.exe_20180409.181835.12096.zip
2018-04-09 18:17 - 2018-04-09 18:17 - 000000022 _____ C:\Users\Khairul\Downloads\ESETPoweliksCleaner.exe_20180409.181727.2156.zip
2018-04-09 17:54 - 2018-04-09 17:54 - 000566128 _____ (Malwarebytes) C:\Users\Khairul\Downloads\iexplore.exe
2018-04-09 17:47 - 2018-04-09 17:47 - 072594032 _____ (Malwarebytes ) C:\Users\Khairul\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4656.exe
2018-04-09 17:27 - 2018-04-10 23:15 - 000004094 _____ C:\Users\Khairul\Desktop\Rkill.txt
2018-04-09 17:27 - 2018-04-09 17:27 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Khairul\Desktop\rkill.com
2018-04-09 17:23 - 2018-04-09 17:23 - 000000022 _____ C:\Users\Khairul\Downloads\ESETPoweliksCleaner.exe_20180409.172338.20372.zip
2018-04-09 17:22 - 2018-04-09 17:22 - 000549504 _____ (ESET) C:\Users\Khairul\Downloads\ESETPoweliksCleaner.exe
2018-04-09 12:35 - 2018-04-09 12:35 - 000504320 _____ C:\WINDOWS\191ab4ed4617cc95bcc9905e10aa4f8f.exe
2018-04-09 12:35 - 2018-04-09 12:35 - 000052422 _____ C:\WINDOWS\uninstaller.dat
2018-04-08 21:12 - 2018-04-09 17:38 - 000624580 _____ C:\WINDOWS\Minidump\040818-42203-01.dmp
2018-04-08 21:05 - 2018-04-08 21:05 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-08 20:56 - 2018-04-08 20:57 - 072584760 _____ (Malwarebytes ) C:\Users\Khairul\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4646.exe
2018-04-08 20:43 - 2018-04-08 21:08 - 000610036 _____ C:\WINDOWS\Minidump\040818-37234-01.dmp
2018-04-08 20:18 - 2018-04-08 20:18 - 000001140 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-04-08 20:18 - 2018-04-08 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-04-08 20:18 - 2018-04-08 20:18 - 000000000 ____D C:\Program Files (x86)\Revo Uninstaller
2018-04-08 20:16 - 2018-04-08 20:16 - 007197480 _____ (VS Revo Group ) C:\Users\Khairul\Downloads\revosetup.exe
2018-04-08 19:54 - 2018-04-08 20:02 - 000578300 _____ C:\WINDOWS\Minidump\040818-39109-01.dmp
2018-04-08 19:12 - 2018-04-08 19:13 - 000814156 _____ C:\WINDOWS\Minidump\040818-34375-01.dmp
2018-04-08 17:03 - 2018-04-08 17:03 - 000000000 ____D C:\GOG Games
2018-04-08 16:02 - 2018-04-08 16:03 - 000687948 _____ C:\WINDOWS\Minidump\040818-37703-01.dmp
2018-04-08 15:09 - 2018-04-08 21:12 - 897568261 _____ C:\WINDOWS\MEMORY.DMP
2018-04-08 15:09 - 2018-04-08 21:12 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-08 15:09 - 2018-04-08 15:19 - 000562612 _____ C:\WINDOWS\Minidump\040818-34796-01.dmp
2018-04-08 14:27 - 2018-04-08 19:16 - 000000004 _____ C:\ProgramData\lock.dat
2018-04-08 14:27 - 2018-04-08 19:14 - 000000016 _____ C:\ProgramData\rwi.jhad
2018-04-08 12:26 - 2018-04-08 12:26 - 000000000 ____D C:\Users\Khairul\AppData\Roaming\WidModule
2018-04-08 12:25 - 2018-04-08 19:16 - 000000000 ____D C:\ProgramData\dahjService
2018-04-08 12:25 - 2018-04-08 12:25 - 000003748 _____ C:\WINDOWS\System32\Tasks\{8C94D566-EA37-F9C6-0B2B-6700BA1C419F}
2018-04-08 12:25 - 2018-04-08 12:25 - 000003550 _____ C:\WINDOWS\System32\Tasks\{7B033DBC-5A88-EC87-B610-B9F76E9EBC6B}
2018-04-08 12:25 - 2018-04-08 12:25 - 000000003 _____ C:\Users\Khairul\AppData\Local\wbem.ini
2018-04-07 22:30 - 2018-04-07 22:30 - 000000000 ____D C:\Users\Khairul\AppData\LocalLow\Hyper Hippo Productions Ltd_
2018-04-07 20:26 - 2018-04-07 20:26 - 000144648 _____ C:\WINDOWS\system32\Drivers\432ebee290604fd51d2d99c3e8368a76.sys
2018-04-03 19:32 - 2018-04-05 00:33 - 000007704 _____ C:\Users\Khairul\Desktop\clickerHeroSave.txt
2018-04-03 18:13 - 2018-04-03 18:13 - 000000000 ____D C:\Users\Khairul\AppData\Roaming\com.playsaurus.heroclicker
2018-04-03 01:22 - 2018-04-03 01:22 - 000529656 _____ (MurGee.com ) C:\Users\Khairul\Downloads\setup.exe
2018-04-02 13:16 - 2018-04-02 13:16 - 000000000 ____D C:\Users\Khairul\AppData\LocalLow\HuniePot
2018-04-02 13:13 - 2018-04-02 13:13 - 000000000 ____D C:\Users\Khairul\AppData\Local\Open_Source_Developer_Fed
2018-04-02 13:12 - 2018-04-02 13:13 - 001723330 _____ (Open Source Developer Federica Domani (federicadomani.wordpr) C:\Users\Khairul\Downloads\Setup_AutoClickerProfessional_3_3_6_0.exe
2018-03-20 00:57 - 2018-03-20 00:58 - 000000000 ____D C:\Users\Khairul\AppData\Local\SniperV2
2018-03-15 15:22 - 2018-03-03 05:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-15 15:22 - 2018-03-03 05:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 22:25 - 2018-03-02 11:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 22:25 - 2018-03-01 15:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 22:25 - 2018-03-01 15:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 22:25 - 2018-03-01 15:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 22:25 - 2018-03-01 15:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 22:25 - 2018-03-01 15:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 22:25 - 2018-03-01 15:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 22:25 - 2018-03-01 15:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 22:25 - 2018-03-01 15:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 22:25 - 2018-03-01 15:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 22:25 - 2018-03-01 15:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 22:25 - 2018-03-01 15:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 22:25 - 2018-03-01 15:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 22:25 - 2018-03-01 15:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 22:25 - 2018-03-01 15:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 22:25 - 2018-03-01 15:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 22:25 - 2018-03-01 15:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 22:25 - 2018-03-01 15:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 22:25 - 2018-03-01 15:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 22:25 - 2018-03-01 15:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 22:25 - 2018-03-01 14:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 22:25 - 2018-03-01 14:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 22:25 - 2018-03-01 14:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 22:25 - 2018-03-01 14:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 22:25 - 2018-03-01 14:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 22:25 - 2018-03-01 14:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 22:25 - 2018-03-01 14:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 22:25 - 2018-03-01 14:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 22:25 - 2018-03-01 14:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 22:25 - 2018-03-01 14:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 22:25 - 2018-03-01 14:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 22:25 - 2018-03-01 14:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 22:25 - 2018-03-01 14:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 22:25 - 2018-03-01 14:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 22:25 - 2018-03-01 14:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 22:25 - 2018-03-01 14:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 22:25 - 2018-03-01 14:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 22:25 - 2018-03-01 14:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 22:25 - 2018-03-01 14:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 22:25 - 2018-03-01 13:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 22:25 - 2018-03-01 13:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 22:25 - 2018-03-01 13:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 22:25 - 2018-03-01 13:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 22:25 - 2018-03-01 13:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 22:25 - 2018-03-01 13:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 22:25 - 2018-03-01 13:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 22:25 - 2018-03-01 13:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 22:25 - 2018-03-01 13:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 22:25 - 2018-03-01 13:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 22:25 - 2018-03-01 13:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 22:25 - 2018-03-01 13:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 22:25 - 2018-03-01 13:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 22:25 - 2018-03-01 13:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 22:25 - 2018-03-01 13:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 22:25 - 2018-03-01 13:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 22:25 - 2018-03-01 13:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 22:25 - 2018-03-01 13:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 22:25 - 2018-03-01 13:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 22:25 - 2018-03-01 13:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 22:25 - 2018-03-01 13:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 22:25 - 2018-03-01 13:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 22:25 - 2018-03-01 13:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 22:25 - 2018-03-01 13:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 22:25 - 2018-03-01 13:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 22:25 - 2018-03-01 13:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 22:25 - 2018-03-01 13:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 22:25 - 2018-03-01 13:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 22:25 - 2018-03-01 13:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 22:25 - 2018-03-01 13:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 22:25 - 2018-03-01 13:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 22:25 - 2018-03-01 13:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 22:25 - 2018-03-01 13:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 22:25 - 2018-03-01 13:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 22:25 - 2018-03-01 13:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 22:25 - 2018-03-01 13:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 22:25 - 2018-03-01 13:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 22:25 - 2018-03-01 13:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 22:25 - 2018-03-01 13:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 22:25 - 2018-03-01 13:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 22:25 - 2018-03-01 13:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 22:25 - 2018-03-01 13:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 22:25 - 2018-03-01 13:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 22:25 - 2018-03-01 13:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 22:25 - 2018-03-01 13:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 22:25 - 2018-03-01 13:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 22:25 - 2018-03-01 13:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 22:25 - 2018-02-22 10:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 22:25 - 2018-02-22 10:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 22:25 - 2018-02-22 10:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 22:25 - 2018-02-22 10:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 22:25 - 2018-02-22 10:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 22:25 - 2018-02-22 10:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 22:25 - 2018-02-22 10:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 22:25 - 2018-02-22 10:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 22:25 - 2018-02-22 10:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 22:25 - 2018-02-22 10:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 22:25 - 2018-02-22 10:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 22:25 - 2018-02-22 09:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 22:25 - 2018-02-22 09:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 22:25 - 2018-02-22 09:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 22:25 - 2018-02-22 09:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 22:25 - 2018-02-22 09:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 22:25 - 2018-02-22 08:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 22:25 - 2018-02-22 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 22:25 - 2018-02-22 08:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 22:25 - 2018-02-22 08:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 22:25 - 2018-02-22 08:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 22:24 - 2018-03-02 11:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 22:24 - 2018-03-02 11:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 22:24 - 2018-03-02 11:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 22:24 - 2018-03-02 11:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 22:24 - 2018-03-02 11:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 22:24 - 2018-03-02 10:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 22:24 - 2018-03-02 04:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 22:24 - 2018-03-01 15:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 22:24 - 2018-03-01 15:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 22:24 - 2018-03-01 15:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 22:24 - 2018-03-01 15:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 22:24 - 2018-03-01 15:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 22:24 - 2018-03-01 15:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 22:24 - 2018-03-01 15:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 22:24 - 2018-03-01 15:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 22:24 - 2018-03-01 15:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 22:24 - 2018-03-01 15:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 22:24 - 2018-03-01 15:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 22:24 - 2018-03-01 15:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 22:24 - 2018-03-01 15:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 22:24 - 2018-03-01 15:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 22:24 - 2018-03-01 15:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 22:24 - 2018-03-01 15:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 22:24 - 2018-03-01 15:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 22:24 - 2018-03-01 15:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 22:24 - 2018-03-01 15:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 22:24 - 2018-03-01 15:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 22:24 - 2018-03-01 15:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 22:24 - 2018-03-01 15:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 22:24 - 2018-03-01 15:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 22:24 - 2018-03-01 14:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 22:24 - 2018-03-01 14:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 22:24 - 2018-03-01 14:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 22:24 - 2018-03-01 14:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 22:24 - 2018-03-01 14:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 22:24 - 2018-03-01 14:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 22:24 - 2018-03-01 14:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 22:24 - 2018-03-01 13:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 22:24 - 2018-03-01 13:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 22:24 - 2018-03-01 13:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 22:24 - 2018-03-01 13:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 22:24 - 2018-03-01 13:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 22:24 - 2018-03-01 13:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 22:24 - 2018-03-01 13:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 22:24 - 2018-03-01 13:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 22:24 - 2018-03-01 13:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 22:24 - 2018-03-01 13:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 22:24 - 2018-03-01 13:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 22:24 - 2018-03-01 13:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 22:24 - 2018-03-01 13:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 22:24 - 2018-03-01 13:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 22:24 - 2018-03-01 13:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 22:24 - 2018-03-01 13:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 22:24 - 2018-03-01 13:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 22:24 - 2018-03-01 13:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 22:24 - 2018-03-01 13:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 22:24 - 2018-03-01 13:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 22:24 - 2018-03-01 13:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 22:24 - 2018-03-01 13:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 22:24 - 2018-03-01 13:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 22:24 - 2018-03-01 13:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 22:24 - 2018-03-01 13:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 22:24 - 2018-03-01 13:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 22:24 - 2018-02-22 10:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 22:24 - 2018-02-22 10:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 22:24 - 2018-02-22 10:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 22:24 - 2018-02-22 10:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 22:24 - 2018-02-22 10:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 22:24 - 2018-02-22 09:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 22:24 - 2018-02-22 09:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 22:24 - 2018-02-22 09:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 22:24 - 2018-02-22 08:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 22:24 - 2018-02-22 08:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 22:24 - 2018-02-22 08:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-03-14 22:24 - 2018-02-22 08:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 22:24 - 2018-02-22 08:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 22:24 - 2018-02-22 08:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 17:25 - 2018-04-10 20:52 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 21:36 - 2013-10-23 08:20 - 000000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 15:34 - 2013-10-23 08:20 - 000000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2018-04-11 00:38 - 2016-11-17 00:35 - 000000000 ____D C:\Users\Khairul\AppData\LocalLow\Mozilla
2018-04-11 00:20 - 2017-12-08 17:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-11 00:00 - 2016-07-23 13:48 - 000000000 ____D C:\ProgramData\Reprise
2018-04-10 23:24 - 2017-12-08 17:54 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-10 23:24 - 2017-12-08 17:54 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-10 23:19 - 2017-01-31 20:47 - 000000000 ____D C:\Users\Khairul\AppData\Local\Google
2018-04-10 23:19 - 2014-05-19 22:10 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-10 23:18 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-10 23:07 - 2017-12-08 17:51 - 001083554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-10 23:04 - 2017-07-12 19:47 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-10 23:03 - 2017-12-08 17:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-10 23:02 - 2017-09-29 16:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-10 23:01 - 2015-09-10 13:21 - 000000000 ____D C:\Users\Khairul\AppData\Local\Akamai
2018-04-10 22:50 - 2014-06-03 18:29 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-10 20:52 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 20:52 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-10 14:24 - 2017-12-08 17:54 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE844F89-CC4D-4DAD-B124-CF850A31808C}
2018-04-10 14:00 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-10 13:59 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-09 17:38 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-08 21:13 - 2017-12-08 17:30 - 000000000 ____D C:\Users\Khairul
2018-04-08 12:49 - 2014-06-04 11:19 - 000000000 ____D C:\Users\Khairul\AppData\Local\ElevatedDiagnostics
2018-04-08 12:19 - 2016-06-03 02:00 - 000000000 ____D C:\Users\Khairul\AppData\Local\Adobe
2018-04-08 12:17 - 2017-02-15 02:08 - 000000000 ____D C:\Program Files (x86)\Aspyr
2018-04-07 23:59 - 2013-10-23 08:17 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2018-04-07 22:31 - 2018-01-22 02:59 - 000000000 ____D C:\Users\Khairul\AppData\LocalLow\Unity
2018-04-05 01:24 - 2018-03-09 12:43 - 000000000 ____D C:\Users\Khairul\Desktop\saj
2018-04-05 01:16 - 2017-08-17 08:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-05 01:16 - 2014-06-21 16:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-03 12:10 - 2017-02-02 09:46 - 000001456 _____ C:\Users\Khairul\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-04-03 11:58 - 2017-12-08 17:31 - 000000000 ____D C:\Users\Khairul\AppData\Local\Packages
2018-03-27 23:51 - 2017-09-29 21:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-27 23:49 - 2014-05-19 19:06 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-27 23:28 - 2018-01-16 15:35 - 000003484 _____ C:\WINDOWS\System32\Tasks\gxx speed launcher
2018-03-26 17:13 - 2018-01-17 23:06 - 000000000 ____D C:\Users\Khairul\Desktop\New
2018-03-25 17:23 - 2014-11-05 08:29 - 000000000 ___RD C:\Users\Khairul\Desktop\Stuff Of My Life
2018-03-20 17:10 - 2018-01-10 14:01 - 000002377 _____ C:\Users\Khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-20 17:10 - 2017-12-08 17:54 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2531606278-3718149232-1758616016-1001
2018-03-20 17:10 - 2015-05-13 13:25 - 000000000 ___RD C:\Users\Khairul\OneDrive
2018-03-18 18:58 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-18 01:09 - 2014-05-19 23:05 - 000000000 ____D C:\Users\Khairul\AppData\Roaming\Skype
2018-03-17 00:37 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 04:47 - 2017-09-29 21:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-15 15:35 - 2013-10-23 08:44 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-03-15 15:24 - 2016-05-02 08:50 - 000000000 ___RD C:\Users\Khairul\3D Objects
2018-03-15 15:24 - 2014-05-20 09:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 15:21 - 2017-12-08 17:23 - 005526520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-15 06:46 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-15 06:46 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-15 06:46 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 22:45 - 2017-09-29 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 22:43 - 2015-01-21 10:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 22:38 - 2017-10-12 02:38 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 22:38 - 2015-01-21 10:52 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 22:29 - 2017-09-29 21:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 22:29 - 2017-09-29 21:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== Files in the root of some directories =======

2018-04-08 14:27 - 2018-04-08 19:16 - 000000004 _____ () C:\ProgramData\lock.dat
27142-02-25 06:26 - 27142-02-25 06:26 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\bBMyOYUoii.exe
27142-02-25 06:26 - 27142-02-25 06:26 - 000174592 ____N (Microsoft Corporation) C:\Program Files (x86)\JHKuYG.exe
2014-07-16 11:33 - 2013-08-23 22:00 - 000000082 _____ () C:\Program Files (x86)\update-SRIV.bat
2014-07-16 11:33 - 2012-06-15 18:24 - 000003153 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2016-02-03 05:54 - 2016-02-03 06:16 - 000000132 _____ () C:\Users\Khairul\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-12-14 18:05 - 2016-07-26 23:32 - 000000132 _____ () C:\Users\Khairul\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-08-26 14:26 - 2017-01-02 12:02 - 000000132 _____ () C:\Users\Khairul\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-03-07 15:12 - 2018-03-07 15:12 - 000000390 _____ () C:\Users\Khairul\AppData\Roaming\PureRef.ini
2016-08-11 21:38 - 2016-09-03 13:16 - 000000156 _____ () C:\Users\Khairul\AppData\Roaming\WB.CFG
2015-11-21 11:39 - 2015-11-21 11:39 - 000000000 _____ () C:\Users\Khairul\AppData\Roaming\Microsoft\6C81.tmp
2017-02-02 09:46 - 2018-04-03 12:10 - 000001456 _____ () C:\Users\Khairul\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-03-08 14:22 - 2017-03-08 14:22 - 000007605 _____ () C:\Users\Khairul\AppData\Local\Resmon.ResmonCfg
2018-04-08 12:25 - 2018-04-08 12:25 - 000000003 _____ () C:\Users\Khairul\AppData\Local\wbem.ini
27142-02-25 06:26 - 27142-02-25 06:26 - 000059904 ____N (Microsoft Corporation) C:\Users\Khairul\AppData\Local\YDJIm.exe

Files to move or delete:
====================
C:\Windows\Tasks\{38FE32D4-86B3-424F-A664-B0428E9031BC}.job


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-07 16:19

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Kiro (11-04-2018 00:45:18)
Running from C:\Users\Khairul\Downloads
Windows 10 Home Single Language Version 1709 16299.309 (X64) (2017-12-08 09:57:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2531606278-3718149232-1758616016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2531606278-3718149232-1758616016-503 - Limited - Disabled)
Guest (S-1-5-21-2531606278-3718149232-1758616016-501 - Limited - Disabled)
Kiro (S-1-5-21-2531606278-3718149232-1758616016-1001 - Administrator - Enabled) => C:\Users\Khairul
WDAGUtilityAccount (S-1-5-21-2531606278-3718149232-1758616016-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3004.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.00.8100 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.00.8100 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Akamai NetSession Interface (HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (HKLM-x32\...\WTA-2458fa17-63b9-48c0-85c6-5543ba1a5936) (Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.7.232 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\{7A12802C-4864-423D-9732-3A22577CE006}) (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bifrost for Maya 2018 (HKLM\...\{88F9B0C0-F303-45AD-8FC8-48373B4479BD}) (Version: 1.5.0.0 - Autodesk)
Bifrost for Maya 2018 1.5.0.0 (HKLM\...\Bifrost for Maya 2018) (Version:  - )
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-f18f9d87-7855-4ab0-8e8b-ff28d1c5e0b2) (Version: 2.2.0.110 - WildTangent) Hidden
CutePDF Writer 2.5 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Epic Games Launcher (HKLM-x32\...\{50582847-2051-45E8-8624-CCBBAADA6B5B}) (Version: 1.1.97.0 - Epic Games, Inc.)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garena - League of Legends (HKLM-x32\...\LoLLCU) (Version:  - Garena Online Pte Ltd.)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1803.2016 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-e6d8870a-c666-4284-9963-3ad37ec0d612) (Version: 2.2.0.110 - WildTangent) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Inno Setup version 5.5.9 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.9 - jrsoftware.org)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-647ad0ae-7980-49ae-81e4-479688628519) (Version: 2.2.0.98 - WildTangent) Hidden
MacX HD Video Converter Pro For Windows 5.9.9 (HKLM-x32\...\MacX HD Video Converter Pro For Windows_is1) (Version:  - Digiarty Software, Inc.)
Magic Academy (HKLM-x32\...\WTA-9ac7f966-8d00-413c-b0fd-597d367133a3) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MediBang Paint Pro 13.0 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 13.0 - Medibang)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.164.111 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MtoA for Maya 2018 (HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\MtoA2018) (Version: 2.0.1 - Solid Angle)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nuke 10.0v3 (HKLM\...\Nuke 10.0v3_is1) (Version:  - The Foundry)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{EE1735AB-67DE-5169-87F2-CE7BB38318D8}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{fd4d224b-f286-4e2c-9b37-f461799d480c}) (Version: latest - ppy Pty Ltd)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (HKLM-x32\...\WTA-c6445940-cea5-4a7c-9438-1dc6375cd779) (Version: 2.2.0.98 - WildTangent) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-10f4d8f5-7195-49e3-9ffe-c2f7252e96f2) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
PureRef (HKLM-x32\...\PureRef) (Version: 1.9.2 - Idyllic Pixel)
PX Profile Update (HKLM-x32\...\{862CC6C9-879D-86B1-CCEB-BD73B7614012}) (Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\Spotify) (Version: 1.0.74.380.g1fcff12a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-575a5f2c-35ad-4258-953a-d3b034cadda3) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-5871aff3-7a3f-42c2-8970-9c777a99a2b9) (Version: 2.2.0.98 - WildTangent) Hidden
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio Community 2017 (HKLM\...\e9d67517) (Version: 15.5.27130.2024 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-04-10] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWoW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers1-x32: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} => C:\Program Files (x86)\Movavi Video Converter 16\vcContext\vcContext.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-11] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-04-10] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} => C:\Program Files (x86)\Movavi Video Converter 16\vcContext\vcContext.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03A1D5B9-C23F-44A0-9B75-8BFCB40A8374} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {0BC87091-1202-43C4-BB5F-0F6D11E5118B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-05-02] (Acer Incorporated)
Task: {0EA23A1A-E59F-457B-B46F-8EF6287AF1B1} - System32\Tasks\{8C94D566-EA37-F9C6-0B2B-6700BA1C419F} => C:\Users\Khairul\AppData\Local\YDJIm.exe [27142-02-25] (Microsoft Corporation)
Task: {1142515B-DCC6-443B-860C-B16F890B7640} - System32\Tasks\{5B94B7C0-6D4A-4A56-8DC4-50A738D521D4} => C:\Windows\system32\pcalua.exe -a C:\PaintToolSAI\uninst.exe -d C:\PaintToolSAI
Task: {12AFE3A2-F259-4967-ADDF-00838BBB739E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {15399A66-6A65-4DFB-84AB-AC50194637CE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1706E6C0-B0EE-4C26-82FC-A39D8487EA2E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {188E4FA9-44D3-4632-A2C1-F5B82E626922} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {250DDF73-AB7B-465D-93F3-96B172F324EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-10] (Google Inc.)
Task: {2B8BDE87-BEE4-41E5-B78B-7B45D66343BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {30EFBAF3-672A-4A1F-BDA3-582B56D636FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36F48CE2-143B-40C6-973C-BD83356AC37E} - System32\Tasks\{ADCCB612-15DE-4CA6-88D5-9D8A45FC9E3A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\Setup_DC\Setup\Setup.exe" -c /P {23C9ED7C-CB64-45FE-A7EA-1BA666F5589D} /M DIRECTCONNECT2015 /LANG en-US
Task: {378D84AA-F87A-44CC-BC91-961AE31EEE79} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2013-07-09] (TODO: <Company name>)
Task: {3967EBD5-CB70-48ED-84B3-D8483E224BF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4B3D0B69-22BD-44B6-8C29-A7F6B5F1F4D0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4CF41AFE-C091-49AE-89A9-E32375ABB01C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4E147066-D6CA-4851-8409-70995246229B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {52483A76-4CEA-4B32-BE8E-34028E9D6466} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {556A5A96-8C9E-4924-BBD5-78CD063587A8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {56D7381A-47A6-4619-908B-0142CB704BF0} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-Khairul => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {60FF22E8-8991-4F98-8E93-AE6E902926B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {69C0F503-8329-46F1-A359-F1D7E6742242} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-10] (Google Inc.)
Task: {6CEEC189-BB8E-4477-8748-85DC890E3405} - System32\Tasks\{38FE32D4-86B3-424F-A664-B0428E9031BC} => C:\users\khairul\appdata\roaming\{149A2~1\PRODUC~1.EXE <==== ATTENTION
Task: {72965A49-785C-4D60-8321-E47DAA757ADD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 888c3ba3-9631-4057-864a-fa5101c8bcb5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {7763553E-CDAD-4D9A-AA11-F8C24CEB7D84} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {8AFD8FE7-79DC-485F-A157-192F1669A5C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {90A7FA67-7B05-4174-9F0F-F52009EC0065} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9607F6FD-2983-4B26-8587-D6A546EF8FFA} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {A1E281A8-D280-4274-8BB7-97EFFA84E38A} - System32\Tasks\{F6786E86-C0CA-41C6-910C-401C3DDBD7CF} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\191ab4ed4617cc95bcc9905e10aa4f8f.exe
Task: {A3900BCB-DF7E-41B1-991F-4A55ABEE8298} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {A59F8590-3B0D-4E2D-A197-6A03AB3AF9FD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A962725D-1BAE-43BD-9000-EFAF1455EDFF} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-06] (Acer Incorporated)
Task: {ADBD3951-04C5-422A-90C7-24C2920968F1} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-milo.airbatu@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {B56C8223-E415-4FA2-93DF-03B5E91FFE1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {C6BFD305-4AE9-4054-A921-B76C15F87B0B} - System32\Tasks\{7B033DBC-5A88-EC87-B610-B9F76E9EBC6B} => C:\Program Files (x86)\bBMyOYUoii.exe [27142-02-25] (Microsoft Corporation) <==== ATTENTION
Task: {C9CD78A9-4848-4F34-AB58-FC629C3D8C00} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-Kiro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {CAB260C8-CD40-4367-92F1-4BBAEDD57BCC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CBB6E9D2-7A6B-4DF4-8934-C1611DAE3C5E} - System32\Tasks\{E24C7BDF-0B10-4E3B-9124-57368C91A447} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\unins000.exe"
Task: {DA26F958-4482-4CBC-A1C0-873DDBE6E190} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DF39AF29-544C-46F3-838A-32AD125F6748} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E06302FE-BD1B-407D-BB87-8EF44DBF8C00} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E1A05DC7-AA9B-40FE-B1FC-6D5FAB170866} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {E3DA9111-9A51-4187-B3CF-F87B55633B78} - \WPD\SqmUpload_S-1-5-21-2531606278-3718149232-1758616016-1001 -> No File <==== ATTENTION
Task: {EE9FEEF7-7614-4F44-9FCF-6F0C1BF0B9AE} - System32\Tasks\SUPERAntiSpyware Scheduled Task 40eb7fcf-52d6-4a53-9db3-f298e02eeb14 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {F035D7F5-37DF-4FCE-B65B-F7BB2B619BD1} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2018-03-20] (Garena Online )
Task: {F2C86FC2-4E49-4CA9-9773-0E5DC077A267} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 40eb7fcf-52d6-4a53-9db3-f298e02eeb14.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 888c3ba3-9631-4057-864a-fa5101c8bcb5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\{38FE32D4-86B3-424F-A664-B0428E9031BC}.job => C:\users\khairul\appdata\roaming\{149A2~1\PRODUC~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-09-02 17:09 - 2005-10-30 17:48 - 000077312 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-04-23 10:58 - 2014-04-23 10:58 - 001656416 _____ () C:\Program Files (x86)\My WIFI Router\bmser.exe
2014-05-21 16:23 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-05-30 10:39 - 2016-03-22 04:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-07-18 01:15 - 2014-08-20 03:12 - 001356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-11-01 03:45 - 2017-05-11 15:51 - 000598528 _____ () C:\Users\Khairul\AppData\Local\MEGAsync\ShellExtX64.dll
2017-03-23 15:00 - 2017-01-31 20:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-03-14 22:24 - 2018-02-22 08:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 22:25 - 2018-02-22 08:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-27 21:14 - 2018-03-27 21:15 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-27 21:14 - 2018-03-27 21:15 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-27 21:14 - 2018-03-27 21:15 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-27 21:14 - 2018-03-27 21:15 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-27 21:14 - 2018-03-27 21:14 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-03 11:57 - 2018-04-03 11:58 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-04-03 11:57 - 2018-04-03 11:58 - 067038720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 03:48 - 2017-10-04 03:49 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-10 16:54 - 2018-02-10 16:55 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 004123648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-04-03 11:57 - 2018-04-03 11:58 - 015329792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 003962368 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-04-03 11:57 - 2018-04-03 11:57 - 003250176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-01 12:41 - 2018-03-01 12:42 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-01 16:31 - 2018-02-01 16:32 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-30 17:57 - 2018-03-30 17:59 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2017-10-13 14:46 - 2017-10-13 14:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\libprotobuf-lite.dll
2018-03-20 16:38 - 2018-03-20 16:38 - 001442624 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\libs\gxx_pipe_engine.dll
2018-03-20 16:37 - 2018-03-20 16:37 - 002206528 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\libs\FSFileSytem.dll
2018-01-24 03:34 - 2017-12-19 14:47 - 000061864 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2018-01-24 03:34 - 2017-12-19 14:47 - 000140200 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2014-04-23 10:58 - 2014-04-23 10:58 - 000193392 _____ () C:\Program Files (x86)\My WIFI Router\bmupdex.dll
2018-01-24 03:34 - 2017-12-19 14:07 - 000050008 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2018-01-24 03:34 - 2017-12-19 14:07 - 000058712 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2018-01-24 03:34 - 2017-12-19 14:06 - 000202072 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2018-01-24 03:34 - 2017-12-19 14:06 - 000748888 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2018-01-24 03:34 - 2017-09-05 16:09 - 059523896 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2018-01-24 03:34 - 2017-09-05 16:09 - 002203448 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2018-01-24 03:34 - 2017-09-05 16:09 - 000087352 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2013-10-23 08:12 - 2013-09-04 07:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08692296.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24336373.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30469751.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65440187.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08692296.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24336373.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30469751.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65440187.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2016-12-19 12:21 - 000001680 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
106.185.32.13 gs001.pso2gs.net #PSO2Proxy Public Server Ship 01
106.185.32.13 gs016.pso2gs.net #PSO2Proxy Public Server Ship 02
106.185.32.13 gs031.pso2gs.net #PSO2Proxy Public Server Ship 03
106.185.32.13 gs046.pso2gs.net #PSO2Proxy Public Server Ship 04
106.185.32.13 gs061.pso2gs.net #PSO2Proxy Public Server Ship 05
106.185.32.13 gs076.pso2gs.net #PSO2Proxy Public Server Ship 06
106.185.32.13 gs091.pso2gs.net #PSO2Proxy Public Server Ship 07
106.185.32.13 gs106.pso2gs.net #PSO2Proxy Public Server Ship 08
106.185.32.13 gs121.pso2gs.net #PSO2Proxy Public Server Ship 09
106.185.32.13 gs136.pso2gs.net #PSO2Proxy Public Server Ship 10

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Khairul\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "Mobile Partner"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "AcerCloud"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "SaferVPN"
HKU\S-1-5-21-2531606278-3718149232-1758616016-1001\...\StartupApproved\Run: => "Overwolf"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B28E781-B2F3-4FFB-814C-2BB16A387098}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.3015\gxxsvc.exe
FirewallRules: [{4B119622-0255-4CBB-B79F-A8171EE76B40}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.2118\gxxsvc.exe
FirewallRules: [{126CD662-5094-4042-94EA-8BAA5CA6CBB1}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.1719\gxxsvc.exe
FirewallRules: [{FF9C5B67-8F0D-444F-9791-025FEBF82178}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.0815\gxxsvc.exe
FirewallRules: [{EB221112-0E77-4363-B243-AF82C8F7D2E2}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.0619\gxxsvc.exe
FirewallRules: [{D29DE5D3-4F9B-4AAC-8449-25A245587950}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1710.2100\gxxsvc.exe
FirewallRules: [{FC211730-79E5-4CC3-88EF-46F99BD02766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{DB576395-E855-495A-959A-6A9D1BE8018A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{0BE582F0-DE17-4ECE-A99B-7E15AF32417E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{475A74C5-9755-4735-87A2-4832EA72B703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A9F4B427-B1BD-436E-B413-F799E8F2553B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B96D9BCE-89ED-4212-BF2B-EAF737A8B736}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9FEB24F6-74DB-48EE-9A2E-648AE304A521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B0CDE855-C24E-44F9-9A87-00DBFC0E9EEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{93EE55D3-0D9A-4D2E-BCA7-4D9913C4EB1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{731A6339-F452-4094-87BB-425AE2C569C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B91DA158-1105-4C50-BF39-EE32250DC67A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5372C42C-C74B-43EB-872D-FFFF08FBDD6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3102090F-E8DF-43FF-B650-F680E7C45021}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CBFFAA6A-93C7-452C-A96F-535A1E06C0F9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7D3F3C15-9D9A-4F7F-A165-91E3B7A04B68}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E3244874-BD6F-4D8B-8BE7-3EF6403BD2AE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EA871ABC-CD0D-4EAC-B0E9-7F880E8E6248}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{FA5DD6CB-0577-45A9-90AE-1EEC34048B80}C:\users\khairul\desktop\stuff of my life\le hues\battle.net\scii\starcraft ii\overwatch\overwatch.exe] => (Allow) C:\users\khairul\desktop\stuff of my life\le hues\battle.net\scii\starcraft ii\overwatch\overwatch.exe
FirewallRules: [TCP Query User{1173D1C0-CACF-4C67-981D-B75A4A1119E6}C:\users\khairul\desktop\stuff of my life\le hues\battle.net\scii\starcraft ii\overwatch\overwatch.exe] => (Allow) C:\users\khairul\desktop\stuff of my life\le hues\battle.net\scii\starcraft ii\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E724069A-877B-4258-9990-8AF4977A75F8}C:\program files\storyboarder\storyboarder.exe] => (Allow) C:\program files\storyboarder\storyboarder.exe
FirewallRules: [TCP Query User{1E20A35C-9C1C-4B8F-88E2-CB6875C1E146}C:\program files\storyboarder\storyboarder.exe] => (Allow) C:\program files\storyboarder\storyboarder.exe
FirewallRules: [{3778DFA5-D87A-4DD6-9575-E74D647C7F88}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1709.0618\gxxsvc.exe
FirewallRules: [{B1F51D47-4F84-48A6-975F-EA29C84AF015}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C350E2DA-C0B2-444B-B558-8BEDD57916F8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4DD5BD43-B4EB-4555-B821-EACACA162935}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{37C2031D-91CD-4A12-BB48-26DC7416F964}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{63F0060A-2B2E-488B-A821-04EAD909149F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{74B67A85-0FB6-461B-9295-4A0F6385C5E0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B2965DFB-F8DF-4980-A05A-CFD4026961A0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0FE029DB-0B34-4D6B-80AB-CC26A14D6CBE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{45B5666A-E82E-40D1-A317-FE8D3DDDFA57}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B8F95265-6004-472C-8C8D-A5CA1143B823}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{14134DDB-529C-4EEB-B6E4-18115A5CDF87}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0BA52D25-134E-4A35-BC14-FDF531541063}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{595E26E9-C629-479E-BB1F-9F4F53310CF7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{693A3C24-7000-4865-BA00-998400869475}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CBF7D7A0-21A8-4C53-B044-E2BA0CEDD8C3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{ED620033-8019-4B85-AAB2-398A4F94C719}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E173EBCC-528A-468B-8588-3E787A9158F4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{438D5714-D7E6-4FE0-8BED-306BEBCE3C4B}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1708.2116\gxxsvc.exe
FirewallRules: [{7F8DBD76-09A3-48CB-9A1F-B9F69F5B0052}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6C7C4BB6-3665-46EF-A5F4-CF1369257E90}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4206FA28-12EB-4B47-A6F2-67D084309E8F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{69804D85-F566-45FB-9C64-07DACFCAE1F0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{86442ABF-63C0-4A4E-B299-2BA3B5AFC679}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B2599C78-AD3F-43E4-B218-5D0590892AFE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D954AB25-0EAD-4CB9-8B19-10E01CEB313C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0CF83ABF-9AA8-4784-87B6-72FE2CE0F3C0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{785742D8-7772-4B05-A7CB-ACFB7026FA23}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AE797665-6D57-459F-9570-28368DA302AA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F91BC2B4-ABEB-45F7-BC0F-9D6B53FEE1E0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E7237E93-C362-4F98-89FB-E0A22FB2A7F3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B671A23F-F7C8-404A-92D3-DEC13349747C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3BDEB144-5B63-439D-9049-03314B2A311B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{40AA5CDE-C3BD-4461-A5BD-DA27A6592BA1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FC8CCC17-5F4C-4FC9-9AEC-ECE1FDF9C1FC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1C1199C0-6D80-449F-A774-35B9F27B743E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BC0D4C7A-0844-4547-BBC2-93C177B34367}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{06414B95-19FE-4E27-80EF-668FE675FC38}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{80B16320-576D-488A-9237-B7A6057C455F}] => (Allow) LPort=6905
FirewallRules: [{E91200AA-FD1C-49C7-A199-5C8B6685FDE4}] => (Allow) LPort=6905
FirewallRules: [{D7BF0A6E-F69E-4EB6-A0E1-E0F621E5081E}] => (Allow) C:\GarenaDownload\Games\lollcu\LoLLCUInstaller.exe
FirewallRules: [{30A8AEC4-130E-4D32-AD96-4FE6D329142F}] => (Allow) C:\GarenaDownload\Games\lollcu\LoLLCUInstaller.exe
FirewallRules: [{E667EA3B-711B-45B4-BCC8-5B8D066F3B90}] => (Allow) C:\Users\Khairul\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{141D5149-77DE-4EE3-8409-8FD3E26675AC}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{F6539955-1929-4B47-A9E9-D9AD897E53E1}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [UDP Query User{B494597E-6C47-41E2-B5A8-A5202EDC9169}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{43F93E67-9BFD-49A0-8633-9B883C4C0459}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{6A7A0FC0-9412-48EC-A613-8B21E3E3FE64}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{21F868A1-8623-4815-884B-EB4A709BC51A}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{8A45F1A7-9D48-44DB-A84C-48C0E3536E33}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{2C0C0893-D41F-471C-B0A0-8ED660AAFEE6}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{99796CE6-5735-4E43-8249-8E52616CAA53}] => (Allow) LPort=8370
FirewallRules: [{27F5E207-1C1D-462A-8C19-2028248EF9F6}] => (Allow) LPort=8370
FirewallRules: [UDP Query User{1CAD88E6-C32D-486F-B20F-9A9718DCC613}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{0CC963A0-B178-4F23-9B73-36FBD32E85CA}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{2913F5DB-C73B-4D92-AA82-6A79A6D47B68}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{3C746034-716A-40FB-B7C4-EE37E37B2CEC}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{4065F6A0-1ECC-42D2-82E9-073E0504B392}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{B81E6C58-D9E4-401A-B4C2-D145D9C47EB4}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{82CAE916-5DD2-4773-AEE9-946DE04505D9}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F4FE2509-A977-4C2A-9804-D86DEC927AD8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{9B1EC477-5F54-460A-B71D-89D27CAE6DE6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{D52608AE-261D-468D-ACA8-94AD67D9B83C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{9027878F-FFA6-4DC7-99E1-2513DB43A9BF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{C434B199-D6D1-4FA4-9101-87163DC126F0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{608938A0-CF1D-4717-9C97-D77CE47B2718}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{45483722-3430-4F20-9558-4EC52647B3DD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{BFD46D7B-B33C-483F-9076-3A9BB81FF8A3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{278C6300-58E9-4F7C-9423-3EEDDBFD9194}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7C763844-4277-47D0-824E-5D7522B39E6E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5D61022E-DBC0-4D2A-8E93-5AC6E4E1A90A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{AAFBCE2B-7C40-4BE3-A424-26567144D487}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{3C624371-C000-4446-B91A-C13EB8B70D23}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{41C6C96B-E274-4F99-AE79-58B390B0A384}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{08134290-7D32-4D28-81FC-9C4D0B09D031}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4CBF010E-6D03-495E-8364-BA77AA5CDDBA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{A8E6B370-2346-44DF-9925-3A288667F7B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D75CF059-3DDC-46BF-8174-35EFD602B195}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{51C5D835-F4A3-4E9D-9DE7-4D34AFA7861A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{A41BEC54-5981-4738-B2BA-39FDB4F4D3B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A217A5D7-BF79-42CE-A809-34EB90A26936}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{6ACB8CAD-1799-4715-971A-7B18C0FA3CF9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{B336A9EB-2189-44C3-A8C0-BCCCB68EA0FF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{740A5F88-D628-4448-86A1-B3DB5ECBD6D7}] => (Allow) C:\Users\Khairul\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7DC98BA3-B75F-413D-AFE2-7C3190F82078}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0FB6457E-929B-4AF4-84E4-F281522A76FA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{47DB26AC-2BFE-41A9-AA3D-E689921FC422}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4682C61E-F768-45E3-AEFC-3E5B743209E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{672F3136-A3AB-4BE2-B959-5C7DBA6D1630}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{C01D0165-5DEF-4BFB-A207-6045AB370D37}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{5818B918-51EC-4811-93BB-C1958A210DAF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{0CBE088C-AA3C-47D6-9031-6754189D3984}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{CAD3A1C8-3802-42A0-9D13-E2530E3BCDB6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{588BD00A-DEBD-4675-89EA-AB78BEC61133}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{FEF812B0-8273-459C-9C86-5DA044E82155}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{2813AFD7-D0B0-4B1E-A24F-11A1B7EBC2C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{AB9F4AF1-20FC-44BE-AC1A-EEDF18238E41}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{981EDA18-CED0-45D5-B501-CD5FD39E27D7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{E9BB6B75-D5D9-476B-8D6B-4DCE49FA4AC5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{D467439C-2F75-49AA-8870-194FD2FC3FA8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{05E613A8-2F2F-4D23-8C32-EFFEB0D98E00}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{3025B855-7BBD-4AC5-B714-033348DC6ECB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{EBDCD8F2-E378-4DFD-B8CE-D158E9CC12C6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{14828641-BC6C-48A3-9FCE-2B0E77970509}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{81EA6BCA-9A7E-490B-9950-9D94404C848F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{E33B1684-88F8-415F-BE8F-B6C2DE259C56}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{DC6ECF99-DA7F-4A1E-8EFC-2928EBC477B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{6FDB71C3-68B5-48AF-BC87-A0FE077493E2}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{D2D759AA-8E9A-405D-ACFF-8B6F1FA6DA28}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7612FEF1-D769-4E70-8CDF-0ABFB24D5320}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{59611216-034A-467A-8BC7-618F27A9A514}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{55141BC1-2A53-4A9A-B80B-E588ADC86F36}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{C95DB8EE-589C-48F0-B3E0-ACCDEF5C60A3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{46613C8C-66A0-4B34-BCE5-4099F3A46650}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{DE6C5DC0-C342-4E73-9E43-4E01D08F0704}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{23935305-43D2-4C74-AAB8-7352D4C904D9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D313483F-F3C8-454F-8904-FD767B1A51C2}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{7C151E36-C47B-432C-9B6C-BE6BE5D528D5}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{B768E7D3-0D70-4A0D-A9E8-17D423B4E51B}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{1785C657-39B3-4B12-B47F-6F516C555D7B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{103AB7F1-5CC1-47F2-BF05-39B27F6B2F99}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FF93BB66-51C0-4843-9E37-D31996493F77}E:\cod world at war\nazi zombies\codwaw.exe.exe] => (Allow) E:\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [UDP Query User{651495F8-701B-4DA3-AE69-D344C6887967}E:\cod world at war\nazi zombies\codwaw.exe.exe] => (Allow) E:\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [TCP Query User{9C980680-2056-46F4-9D90-056CBB5FC051}C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe] => (Allow) C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [UDP Query User{CD8CF452-0A1A-4B83-A5A6-E6D20C1F870B}C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe] => (Allow) C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [TCP Query User{7990E87C-F36D-4A57-AEE5-F852DC9C0D3B}C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe] => (Block) C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [UDP Query User{303274C2-470F-4F0D-9CEB-AA36F38B3AA7}C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe] => (Block) C:\users\khairul\desktop\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [TCP Query User{25AB7AE5-0D4F-47D6-A1C7-E87863E53C4E}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{9E890E36-E1F5-42A0-ACF0-BDD6F1BE2AFA}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [TCP Query User{07C6606D-5D8B-4460-9D00-6D5AA4A3BE1F}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{F92EAB3D-4BC3-4631-BB31-AF9ECCA9C9E3}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Allow) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [{9E0B4859-D587-425E-9E2F-4EC17915C465}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{97F33CD2-BD17-4599-BD88-67ACDAF9E0FC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{48C497F6-328E-435C-A54B-E0671FAAB1E8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8C9F8D25-E8C7-457A-B110-008E0A936AE5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B134B7C1-9C9E-4410-9020-F355F8C8BB68}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{ACF5A5FC-0C0F-45FF-BF37-EC25944C5706}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{C1DD2D69-7126-48B9-84B8-A9124938518A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{F9EC0ED8-8C3B-4CDA-86E0-7F3801145890}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{7808CB1F-F32D-403C-9302-0291C3BCCC7D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{82AE3438-0C12-4803-BE48-A51F33C98A06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [TCP Query User{51E0332C-9A62-4EBF-A05D-5BB346B44B6B}C:\users\khairul\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\khairul\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9C4866F1-A603-46DA-BFCF-9C817A3CECE8}C:\users\khairul\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\khairul\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{32C9D024-AB0D-4257-8318-98B423FCDB69}C:\users\khairul\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\khairul\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7C3EF988-3CA5-43EA-96DF-51D230651932}C:\users\khairul\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\khairul\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A3B57C38-7E95-427F-ADFD-6D857D56B6B3}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{5AADCCBB-3056-4001-A590-1A45AE7B2EA0}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [TCP Query User{D68C07DD-1BF6-440D-8965-273532ECEF48}C:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\stats.exe
FirewallRules: [UDP Query User{C8A80D2F-277A-4D22-B7AA-628744DFDBA5}C:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\stats.exe
FirewallRules: [TCP Query User{3A910EC5-E3F3-4925-AEEF-8EEF0778C2B7}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{252AB730-7915-4E47-A356-9E894DC50A18}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1483784E-7DAF-4EFF-A965-E827FF02993F}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{C2D2A90A-B166-4660-8AF1-2FA1B6EE2117}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{FEFF470A-2B5F-4E4E-BA57-A2516846F1D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{CE8FF402-514D-4338-93C9-AD67B5B5B6B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [TCP Query User{DDD6EF9F-9FD5-41E2-A498-C801C82C7081}C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [UDP Query User{ED51F22E-24CF-42DC-A7E8-C7180197CB8F}C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [{B668543B-7638-4B06-B227-9328238A82C1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F9ED20F-9DCD-41F2-BF01-6170FC5FE5A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6399B996-8372-4268-8639-19C10C40F116}] => (Allow) C:\Users\Khairul\AppData\Local\Temp\nsjE77F.tmp\CnetInstaller-10661456.exe
FirewallRules: [{281342B3-1677-4B5B-89F8-ABDBECA059ED}] => (Allow) C:\Users\Khairul\AppData\Local\Temp\nsjE77F.tmp\CnetInstaller-10661456.exe
FirewallRules: [{9E30E9B9-B019-46A4-BB8E-5D98AEA9EEE4}] => (Allow) C:\Users\Khairul\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22B872F2-71BB-4E88-8D61-863BA6A5B3EC}] => (Allow) C:\Users\Khairul\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{911E9B58-76F0-41DF-8371-334EE17746D8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6808C1BA-5EC2-4635-9F56-77E8769AC196}] => (Allow) LPort=2869
FirewallRules: [{819C4601-51BF-4D98-A1D4-D16FE8337978}] => (Allow) LPort=1900
FirewallRules: [{5B392CF1-A20E-46D4-96D1-5B19E05D946E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{5D3F3F0F-E3EA-4AF6-813E-6E5B2A1796C2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3A91D7C6-F8FA-4A52-A09A-1CC5813B90CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9AD51615-F0E2-471D-9534-64672B2CFCCA}C:\cod\iw3mp.exe] => (Allow) C:\cod\iw3mp.exe
FirewallRules: [UDP Query User{2C1F7299-D195-4073-B4C1-86358E0DC157}C:\cod\iw3mp.exe] => (Allow) C:\cod\iw3mp.exe
FirewallRules: [TCP Query User{CFAD07DD-A851-4AFC-80D6-5E56B4ABE94B}C:\users\khairul\desktop\stuff of my life\le hues\cod world at war\nazi zombies\codwaw.exe.exe] => (Allow) C:\users\khairul\desktop\stuff of my life\le hues\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [UDP Query User{1087F762-9663-48C4-B5D4-F41E249A0246}C:\users\khairul\desktop\stuff of my life\le hues\cod world at war\nazi zombies\codwaw.exe.exe] => (Allow) C:\users\khairul\desktop\stuff of my life\le hues\cod world at war\nazi zombies\codwaw.exe.exe
FirewallRules: [{EC61D353-8259-47A7-AC81-4B5031370F10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{DA775CDB-2BF3-40C6-9B37-43AA8B3023C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{AE4D6750-98B8-4493-828A-D6E512FFFC38}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{1B688273-1EE6-47BC-A1DC-361FEC40A8DD}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [{529D6AAA-B1DC-469D-8C6D-A0702593E277}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{F3064E7F-314F-47DA-8A62-D0150BD6B98F}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{5B3ACC76-FF1B-4C72-9CEB-313A6EC61977}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{9FCECD56-BC13-4896-95B7-F52077C2E2EE}] => (Allow) LPort=8370
FirewallRules: [{EADE394C-6D74-443B-B5E0-BFE3C9808279}] => (Allow) LPort=8370
FirewallRules: [{B6FD3462-E182-4661-A2D5-F44012C86B4A}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{28A56F33-D293-4BBF-94B8-9971144B4DA3}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{35D4F375-6B69-4AE1-81C9-ED62D6373A8B}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{50BCB869-290A-41AF-882A-F099F3B8B38F}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{B400B538-AD63-4AC2-ACA7-DC5F088556CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{07E22835-6993-4B40-9433-27041EC59C61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{486BDE9F-41AF-444C-881A-1FEB796B2B16}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{794DF8C4-A2EA-40CB-805E-C499D320B086}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{1F2CA548-C4BE-4D87-9FBB-766195B21FAD}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{78F5A4E1-3488-4B09-BB62-E3A4EAC39BC7}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{7A9046B2-3FAD-4B69-AD71-B192D86653CC}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{A1A6638B-FFA0-4DE6-8F5B-2B677D1C1479}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [TCP Query User{301A2F99-E575-480D-8ADF-8C7E508B2625}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{69EDBE3A-3726-4F19-8C72-87851141A4B6}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{E6D9DC2A-EB33-4983-9333-21BC22BF0733}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08124509-ECF9-4323-B2C5-9F46E5862167}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D9049226-7EEF-4260-8489-A7142505C2DF}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [UDP Query User{4F7A186B-D625-496F-A688-63D17BECDFAF}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [TCP Query User{7EE1FF5D-01CA-4F28-B014-E831E6093096}C:\users\khairul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khairul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5E7A7995-35A5-47EB-B7EA-477D8F92477A}C:\users\khairul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khairul\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{636A60F2-2929-420F-BEDE-18A773146033}C:\users\khairul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khairul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{66DBE2F1-3464-455F-8B56-9015511CF420}C:\users\khairul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khairul\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8E2399CD-1440-49AE-BD1E-3FD1EEB749A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B7E465BF-6022-4F92-8A7E-FC2011C04206}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{BF94344D-F956-4AD0-B902-BD7C5526705D}C:\garenadownload\games\lollcu\lollcuinstaller.exe] => (Block) C:\garenadownload\games\lollcu\lollcuinstaller.exe
FirewallRules: [UDP Query User{60A0D6E7-A1FB-4222-9E82-068A58ADBDF4}C:\garenadownload\games\lollcu\lollcuinstaller.exe] => (Block) C:\garenadownload\games\lollcu\lollcuinstaller.exe
FirewallRules: [TCP Query User{A19677DB-9890-4587-8AAE-29FE47699451}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe] => (Allow) C:\program files (x86)\aspyr\guitar hero iii\gh3.exe
FirewallRules: [UDP Query User{EDCDCC26-6567-4DD8-BE70-3E462D9E06B0}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe] => (Allow) C:\program files (x86)\aspyr\guitar hero iii\gh3.exe
FirewallRules: [TCP Query User{1F9747CA-86FF-4C68-A982-3F0B36786B22}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{A470BF86-F04A-4536-96BD-CF462BC4025C}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{F3C203B7-FCD8-4E60-B65B-97D4BF87E8A4}C:\program files\autodesk\maya2016\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2016\bin\maya.exe
FirewallRules: [UDP Query User{6F53CE61-5ED5-494C-A009-DE884F8BDDA6}C:\program files\autodesk\maya2016\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2016\bin\maya.exe
FirewallRules: [{8ECC6C9C-32A9-4346-8014-BE336C364522}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1703.1720\gxxsvc.exe
FirewallRules: [{572F5975-C5BC-4984-AE21-4C026422C149}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1703.2418\gxxsvc.exe
FirewallRules: [TCP Query User{A341534B-23B0-4739-8588-0891D165D52F}C:\users\khairul\downloads\lolinstaller.exe] => (Allow) C:\users\khairul\downloads\lolinstaller.exe
FirewallRules: [UDP Query User{9F564D4D-F919-4F4E-A02C-AB46CD718B81}C:\users\khairul\downloads\lolinstaller.exe] => (Allow) C:\users\khairul\downloads\lolinstaller.exe
FirewallRules: [TCP Query User{42BEA290-53A9-4D1F-9865-13B99C00EAF6}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{D57BD6BB-E090-4EEA-BB49-13D439ADFE16}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{2E253218-C5A8-458D-AE2F-DC8F73D1D28C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{ED3D8E95-5475-43E8-B7BF-39FDE354CD3A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{D182D2DA-6168-45B7-9C5E-195A0C97F9AE}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{5E722BAB-6CDF-4133-A32C-018227758512}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [{A6AE2ABC-CB84-4C55-9520-820B780EBEA7}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1712.0910\gxxsvc.exe
FirewallRules: [{33D1CC8E-CB04-4C49-9D81-8045D5E3EC6F}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1712.1220\gxxsvc.exe
FirewallRules: [{A6D8A8B1-3580-4878-914C-8FD98ACE2A67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{59FA9808-F1C6-47B3-B64F-9C012880B95F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{B1FB767C-5386-4226-98FC-EC85E663D267}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1712.2910\gxxsvc.exe
FirewallRules: [{61F01383-37B0-4BF4-9209-A90670F64F33}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1801.1018\gxxsvc.exe
FirewallRules: [{767B80CE-4507-4D06-85B9-8D0903ECB55E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{1946B6BD-F0C9-4A5A-A873-C99C6CFA7009}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{37791DAF-E4E4-4880-8423-03924DBE2B8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlerite\Battlerite.exe
FirewallRules: [{6C894E14-A1DD-4998-991E-9A7E21C6461E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlerite\Battlerite.exe
FirewallRules: [{89AD914A-B5C1-4EB4-BF2C-F6E900999310}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sakura Shrine Girls\Sakura Shrine Girls.exe
FirewallRules: [{2D1969E7-6F0B-498F-8533-020AD8D305EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sakura Shrine Girls\Sakura Shrine Girls.exe
FirewallRules: [{B092C89B-6BDA-449A-B6AA-3C44C81820EB}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe
FirewallRules: [{9EF374D0-2517-4B99-A792-44F9D1F5C96A}] => (Block) C:\Program Files\Unity\Editor\Unity.exe
FirewallRules: [{2EB5345A-F88A-4F71-B543-B916A88CBF3F}] => (Allow) C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe
FirewallRules: [{FE932D8A-19CD-4CAC-90D0-C35D9DA2E7D7}] => (Block) C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe
FirewallRules: [TCP Query User{9CFFFDB7-2BEF-4A19-8B27-6179585A186E}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{0B0B0539-B9E9-4E94-A3EC-4CF6411D25BD}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{6611B71C-F610-4A04-9F97-B7A103867DA0}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe
FirewallRules: [UDP Query User{5813C23C-CB25-4EA4-90AB-5EF3F87ABEB1}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe
FirewallRules: [{B6BB26E3-51A1-4552-B44A-F99D9C61F5FD}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1801.1820\gxxsvc.exe
FirewallRules: [{B145E711-DAD7-438F-BE82-8597902456B9}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1802.1114\gxxsvc.exe
FirewallRules: [{BD21F8A2-CABD-4B2E-98C4-C1EE7DE4D9C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{EAD2E464-8BC5-447F-BAFA-A434957F425F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{F9F672C4-E8B1-4A05-A74A-D6C8D2732F65}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1803.0214\gxxsvc.exe
FirewallRules: [TCP Query User{092AB861-14A1-42FF-8261-7DC1D7D2B7B8}C:\program files (x86)\garenalol\gamedata\apps\lol\leagueclient\leagueclient.exe] => (Allow) C:\program files (x86)\garenalol\gamedata\apps\lol\leagueclient\leagueclient.exe
FirewallRules: [UDP Query User{113F7CB0-5B93-45B5-A7AA-4C41427820C6}C:\program files (x86)\garenalol\gamedata\apps\lol\leagueclient\leagueclient.exe] => (Allow) C:\program files (x86)\garenalol\gamedata\apps\lol\leagueclient\leagueclient.exe
FirewallRules: [{51D019C0-340C-40E5-8E35-D3D133872F42}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe
FirewallRules: [{9142567F-BA74-4121-9899-E0DFEF9DA342}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HunieCam Studio\HunieCamStudio.exe
FirewallRules: [{65E77A0B-4B53-4025-8E12-DA730FAD35F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HunieCam Studio\HunieCamStudio.exe
FirewallRules: [{48764D98-A786-48AF-B173-321F12ABF82D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{5122DAF1-E356-4CC3-B606-7550C28DA3C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{A0440CBC-BAB5-43B2-9AA3-35A1809FE035}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{60C11BE1-E837-4E96-BE00-B131663DB268}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{60A3AA78-4B4A-43A6-A1F3-0563A68CB12A}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{4284AEA8-41AC-4C3F-BA4B-3F96F5AC16EE}] => (Allow) C:\Users\Khairul\AppData\Local\YDJIm.exe
FirewallRules: [{2CA106C8-DDD9-4AD5-B80C-845AC49CC48C}] => (Allow) C:\Program Files (x86)\bBMyOYUoii.exe
FirewallRules: [TCP Query User{C66DDE8D-60C0-4B77-9729-35147B633BF4}C:\gog games\worms forts - under siege\wf.exe] => (Allow) C:\gog games\worms forts - under siege\wf.exe
FirewallRules: [UDP Query User{F494D41B-22AA-46C9-9158-3B59637B0C73}C:\gog games\worms forts - under siege\wf.exe] => (Allow) C:\gog games\worms forts - under siege\wf.exe
FirewallRules: [{16F76AEB-EEF6-44D6-82D4-32BB8FD21E29}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000278,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000656B57EE20.72).  hr = 0x80070005, Access is denied.
.

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000260,(null),0,REG_BINARY,0000005E8D4FDD50.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {78727258-e569-405d-b2ad-41342dd56468}

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000230,(null),0,REG_BINARY,000000656B77EF60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {0b8af103-ac9e-4216-95c4-84bbde3c92cd}

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000240,(null),0,REG_BINARY,000000656B5FE8F0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {33abab9c-bfa0-4226-b2af-7932d8b0d943}

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,(null),0,REG_BINARY,000000A3F397DBE0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {438b75c6-f2f0-464c-b9a1-6faf77caf0c6}

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000260,(null),0,REG_BINARY,0000005E8D4FDD50.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {78727258-e569-405d-b2ad-41342dd56468}

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000208,(null),0,REG_BINARY,000000656B7FE4A0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {535958d3-f844-4365-a47b-e52302727e9b}

Error: (04/11/2018 12:37:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,(null),0,REG_BINARY,000000A3F397DBE0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {438b75c6-f2f0-464c-b9a1-6faf77caf0c6}


System errors:
=============
Error: (04/11/2018 12:45:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:43:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:41:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:39:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:37:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:35:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:33:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/11/2018 12:31:54 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-04-10 01:11:27.976
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\816894c8c0302bf21574da164f705376\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.326.0, AS: 1.265.326.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 01:07:26.493
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\816894c8c0302bf21574da164f705376\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.326.0, AS: 1.265.326.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-09 22:52:44.531
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\816894c8c0302bf21574da164f705376\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.318.0, AS: 1.265.318.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-09 18:57:37.845
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\816894c8c0302bf21574da164f705376\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.307.0, AS: 1.265.307.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-09 18:56:14.468
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\816894c8c0302bf21574da164f705376\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.307.0, AS: 1.265.307.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 23:14:18.948
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.352.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 23:14:18.947
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 23:14:18.932
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.352.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 23:14:18.931
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.352.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 23:14:18.931
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.352.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-04-09 17:54:33.086
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:53:35.039
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:51:53.351
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:51:37.937
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:51:29.608
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:50:27.632
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:50:23.073
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 17:50:05.599
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8072.27 MB
Available physical RAM: 4089.04 MB
Total Virtual: 9352.27 MB
Available Virtual: 5690.18 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.69 GB) (Free:404.12 GB) NTFS

\\?\Volume{f39cfc55-9eb6-4ede-83b1-e15e37869367}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.07 GB) NTFS
\\?\Volume{45fe07c1-504b-4d76-ab09-493462c3bbdd}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
\\?\Volume{f97b4502-06be-4062-a0fe-a5cf1c6b6a56}\ (Push Button Reset) (Fixed) (Total:17.01 GB) (Free:1.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F0736D6F)

Partition: GPT.

==================== End of Addition.txt ============================


I am using an Acer laptop with 64-bit Windows 10.

Recently, my laptop got infected with malware that came from an application called SearchAwesome. Within SearchAwesome, it came with a lot of packages of malware that are slowly killing my laptop. This application was automatically downloaded when I was on Twitter a couple of days ago. The malware that I'm talking about is adware and the svchost.exe virus.

I have looked up a lot of solutions to this problem but it is still not resolved.

The applications that I used are as follows:
1) rKill
2) TDSSkiller
3) SUPERAntiSpyware
4) adwcleaner
5) Zemana Anti-Malware
6) Hitmanpro

Below is the software that I cannot use due to the hard-to-remove malware:
1) Malwarebytes Anti-Malware

I have looked up ways to run Malwarebytes Anti-Malware but it doesn't work for me. I used mbam to reinstall Malwarebytes Anti-Malware and Malwarebytes Chameleon but it still doesn't work.

I'm hoping to hear help soon.

Regards,
Milo.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:22 AM

Posted 12 April 2018 - 03:28 PM

Greetings Milo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall any products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Milo_Airbatu


Posted 13 April 2018 - 03:37 PM

Hello there Gary!

I can't thank you enough for going through all the trouble of reading my frst.txt and addition.txt logs.

I would like to apologize to you, for I have taken my own action, which is to format my laptop. This is because I saw that a post of mine got "deleted" twice; hence, I assumed my topic was irrelevant. After asking for some information, I realised that my post got duplicated.

Again, I apologize, for I have wasted your precious time and effort.

I will take today's event as a note to be more patient and not jump to conclusions before getting the correct information.

Have a wonderful day ahead and keep on doing your best!

Regards,
Milo.

Edited by Milo_Airbatu, 13 April 2018 - 03:38 PM.


#4 Oh My!


Posted 13 April 2018 - 04:29 PM

Greetings Milo.

No problem at all. Sometimes there is a delay in getting to a topic because of the list of people waiting. I hope you feel free to come back again if we can be of assistance.

BTW, welcome to our home. :)
Gary

#5 Oh My!


Posted 13 April 2018 - 04:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



