Jump to content

Russians Adware


Recommended Posts

So, about few weeks ago my computer got adware called DNS Unlocker ( its popular ) then my friend told me to remove it by malwarebytes, so i downloaded it. After try to scan and remove it, the DNS Unlocker was gone from my computer. So i was trusted malwarebytes because it is useful and work. And about three or four days ago, i didnt download anything from internet but my computer was infected again by adware. I dont know what is the name of the adware but it is always appear when i starting my browser and it goes to " thrafilebe-us.ru " ( i know its russian adware because the last is 'ru' ) i have set my default setting on chrome ( i use chrome ) to start with google but its useless because the adware still appear everytime i start my browser. i have tried remove it by malwarebytes free, antisoft free, panda antivirus free and its all useless. So please, can anyone help me please ? 

I seriously hate this adware because it is often show p*rn sites, so please help my computer ;)

Link to post
Share on other sites

Hello javelineou and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your next reply....

Thank you,

Kevin

Link to post
Share on other sites

Thank you so much kevin for replying, i hope your advice make my pc work properly again.

 

First, Im not too good at english, but i know what you mean.

Second, my MBAM trial has been expired, i dont know if its affects to the scan or not.

Third, on the rkill.log i got Rkill.txt so ill mention it on the reply, i dont know it is useful or not.

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/09/2016 02:59:26 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\user\AppData\Roaming\HPRewriter2\HPWriterSrv2.exe (PID: 1804) [UP-HEUR]

1 proccess terminated!

Possibly Patched Files.

 * C:\Windows\system32\winlogon.exe

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * C:\Windows\System32\user32.dll : 812.032 : 11/20/2010 03:21 AM : cf97d64d7ec169c53c93b0a192218b29 [NoSig]
 +-> C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll : 833.024 : 11/20/2010 03:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
 +-> C:\Windows\KJ\Pirate\P\x64P\user32.dll : 1.008.128 : 11/20/2010 04:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\KJ\Pirate\P\x86P\user32.dll : 811.520 : 11/20/2010 03:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
 +-> C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll : 833.024 : 11/20/2010 03:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
 +-> C:\Windows\KJ\Pirate\T\x64T\user32.dll : 1.008.640 : 01/16/2011 07:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [Pos Repl]
 +-> C:\Windows\KJ\Pirate\T\x86T\user32.dll : 812.032 : 11/20/2010 03:21 AM : cf97d64d7ec169c53c93b0a192218b29 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811.520 : 11/21/2010 04:29 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]

 * C:\Windows\System32\winlogon.exe : 285.696 : 11/20/2010 03:17 AM : c3eb9ea34ebe459f13f3f890f56ce72a [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe : 286.720 : 11/21/2010 04:29 AM : 6d13e1406f50c66e2a95d97f22c47560 [Pos Repl]

Checking HOSTS File: 

 * No issues found.

Program finished at: 08/09/2016 03:00:40 PM
Execution time: 0 hours(s), 1 minute(s), and 14 seconds(s)

( green text is rkill.txt )

 

Fourth, this is the text file from MBAM ( the orange color )

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/08/2016
Scan Time: 15:25
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344125
Time Elapsed: 28 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Fifth, this is the FRST.txt ( purple text )

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016
Ran by user (administrator) on USER-PC (09-08-2016 16:27:15)
Running from C:\Users\user\Desktop
Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
() C:\Users\user\Downloads\Garena Plus\ggdllhost.exe
() C:\Users\user\Downloads\Garena Plus\ggdllhost.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ERJOIWFIM) C:\Users\user\AppData\Roaming\HPRewriter2\HPWriterSrv2.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{18D9B629-713A-47D4-A18A-8D9C82BAB74E}: [DhcpNameServer] 61.247.0.133 61.247.0.130 202.73.99.4 202.73.99.2
Tcpip\..\Interfaces\{1AD66B58-C5F3-4679-9A69-C29A8E477959}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3DC0582F-6C7A-4268-976B-A873CA74E5B2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{53677DC8-B7FF-46A4-A35E-55F560BEEF83}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{53677DC8-B7FF-46A4-A35E-55F560BEEF83}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CEFB7252-4B6E-455B-960D-2E1B627E574A}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://plasa.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\u52asnkz.default-1469286427057
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-03] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Users\user\Downloads\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1001: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-03-23] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Innorix File Transfer Solution) - C:\Program Files\INNORIX\npinnogmp.dll (INNORIX)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (Google Dokumen Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2007-02-15]
CHR Extension: (http://ask.fm/) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hodkangnoihaogpgakjfdkepoljfcfbc [2016-01-15]
CHR Extension: (https://plus.google.com/u/0/) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jginlfhgcfmfhaabnekdaemhegpebfip [2016-01-15]
CHR Extension: (Сияние) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidbpkjafbnohlnbflllphpkfmojpdac [2016-08-07]
CHR Extension: (Pembayaran Toko Web Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2007-02-15]
CHR Extension: (https://www.google.com/) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkolgldfknecfjnhhglfopimelbaceh [2016-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
CHR HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-18]

Opera: 
=======
OPR StartupUrls:  "hxxp://www.mystartsearch.com/?type=hp&ts=1428909754&from=wpc&uid=ST3160815SV_5RX63JTHXXXX5RX63JTH" 

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-02-17] (Macrovision Europe Ltd.) [File not signed]
R2 HPWriter Service; C:\Users\user\AppData\Roaming\HPRewriter2\HPWriterSrv2.exe [4156416 2016-08-06] (ERJOIWFIM) [File not signed]
S4 Innosvcd; C:\Windows\system32\innosvcd.exe [193144 2013-04-04] (INNORIX)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [287824 2012-09-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 4622402a; "C:\Windows\system32\rundll32.exe" "c:\Program Files\CutterModule\CutterModule.dll",serv

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-09] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
R1 MpKsla6464b06; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE469132-F30B-4743-8AAE-AC119B41ECBB}\MpKsla6464b06.sys [39168 2016-08-09] (Microsoft Corporation)
S3 ndiscm; C:\Windows\System32\DRIVERS\NetMotCM.sys [15360 2004-09-30] (Motorola Inc.)
R3 RD9700; C:\Windows\System32\DRIVERS\RD9700.sys [16512 2012-01-04] (Corechip Semiconductor, Inc. Co Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
R3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 11:23 - 2020-03-31 11:26 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{9a36c4d3-7306-11ea-a391-00508dc8f0a3}.TMContainer00000000000000000002.regtrans-ms
2020-03-31 11:23 - 2020-03-31 11:26 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{9a36c4d3-7306-11ea-a391-00508dc8f0a3}.TMContainer00000000000000000001.regtrans-ms
2020-03-31 11:23 - 2020-03-31 11:26 - 00065536 ___SH C:\Users\UpdatusUser\NTUSER.DAT{9a36c4d3-7306-11ea-a391-00508dc8f0a3}.TM.blf
2016-08-09 16:27 - 2016-08-09 16:27 - 00016226 _____ C:\Users\user\Desktop\FRST.txt
2016-08-09 16:26 - 2016-08-09 16:27 - 00000000 ____D C:\FRST
2016-08-09 16:25 - 2016-08-09 16:26 - 01743872 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2016-08-09 15:22 - 2016-08-09 16:02 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-09 15:06 - 2016-08-09 15:06 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-09 15:06 - 2016-08-09 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-09 15:05 - 2016-08-09 15:06 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-09 15:05 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-09 15:05 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-09 15:05 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-09 14:59 - 2016-08-09 15:00 - 00005008 _____ C:\Users\user\Desktop\Rkill.txt
2016-08-09 14:46 - 2016-08-09 14:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill.com
2016-08-09 14:32 - 2016-04-11 03:55 - 13347841 _____ C:\Users\user\Desktop\XIGNCODE.rar
2016-08-09 14:32 - 2015-11-26 05:57 - 05331464 _____ C:\Users\user\Desktop\[Pricelist] Kios Pasar Modern @Intermoda BSD City.pdf
2016-08-09 14:32 - 2015-01-26 00:54 - 00000364 _____ C:\Users\user\Desktop\pos.dat
2016-08-09 14:32 - 2014-12-27 01:17 - 01307106 _____ C:\Users\user\Desktop\Survey Remover V3.02 Updated.zip
2016-08-09 14:32 - 2014-05-26 14:54 - 01070624 _____ (Unity Technologies ApS) C:\Users\user\Desktop\UnityWebPlayer.exe
2016-08-09 14:31 - 2015-11-04 20:44 - 1272583000 _____ C:\Users\user\Desktop\PointBlank_GarenaPlus_Install_1026.exe
2016-08-09 14:30 - 2016-08-07 18:55 - 22851472 _____ (Malwarebytes ) C:\Users\user\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-09 14:30 - 2016-03-05 20:03 - 77267144 _____ C:\Users\user\Desktop\Garena+_Install_id (1).exe
2016-08-09 14:30 - 2015-11-04 20:37 - 77494272 _____ C:\Users\user\Desktop\Garena+_Install_id.exe
2016-08-09 14:30 - 2015-11-04 19:40 - 02739648 _____ C:\Users\user\Desktop\pbidInstaller.exe
2016-08-09 14:30 - 2014-08-18 21:30 - 00895120 _____ (Google Inc.) C:\Users\user\Desktop\googledrivesync.exe
2016-08-09 14:30 - 2014-07-19 21:22 - 00895120 _____ (Google Inc.) C:\Users\user\Desktop\GoogleVoiceAndVideoSetup.exe
2016-08-09 14:30 - 2014-05-27 10:48 - 07760696 _____ (INNORIX) C:\Users\user\Desktop\InnoGMP_Win.exe
2016-08-09 14:30 - 2014-03-26 21:37 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup (3).exe
2016-08-09 14:30 - 2014-03-26 21:37 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup (2).exe
2016-08-09 14:30 - 2014-03-26 21:35 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup (1).exe
2016-08-09 14:30 - 2014-03-26 21:34 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup.exe
2016-08-09 14:29 - 2016-08-09 14:32 - 00000000 ____D C:\Users\user\Desktop\Garena Plus
2016-08-09 14:29 - 2016-08-07 20:49 - 39269240 _____ (Anvisoft) C:\Users\user\Desktop\asdsetup.exe
2016-08-09 14:29 - 2016-01-15 14:44 - 00927824 _____ (Google Inc.) C:\Users\user\Desktop\ChromeSetup(1).exe
2016-08-09 14:29 - 2014-12-23 18:46 - 00880784 _____ (Google Inc.) C:\Users\user\Desktop\ChromeSetup.exe
2016-08-07 21:36 - 2016-08-07 21:36 - 00000047 _____ C:\Users\user\Desktop\blahblah.txt
2016-08-07 20:54 - 2016-08-08 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-08-07 20:54 - 2016-08-07 20:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-07 20:51 - 2016-08-07 20:51 - 00000000 ____D C:\ProgramData\Anvisoft
2016-08-07 20:51 - 2016-08-07 20:51 - 00000000 ____D C:\Program Files\Anvisoft
2016-08-07 20:48 - 2016-08-07 20:49 - 39269240 _____ (Anvisoft) C:\Users\user\Downloads\asdsetup.exe
2016-08-07 18:54 - 2016-08-07 18:55 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-07 17:31 - 2016-08-07 17:31 - 00003584 _____ C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-06 20:06 - 2016-08-06 20:06 - 00000000 ____D C:\Users\user\AppData\Local\GMap.NET
2016-08-06 19:00 - 2016-08-07 00:03 - 00000000 ____D C:\Users\user\AppData\Roaming\HPRewriter2
2016-08-06 19:00 - 2016-08-06 19:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Seviler2DGame
2016-08-06 19:00 - 2016-08-06 19:00 - 00002056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-06 19:00 - 2016-08-06 19:00 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-06 19:00 - 2016-08-06 19:00 - 00002026 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-08-06 19:00 - 2016-08-06 19:00 - 00002024 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-07-24 17:25 - 2016-07-24 17:26 - 00045125 _____ C:\ProgramData\1469355928.2132.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 00042049 _____ C:\ProgramData\1469355928.3948.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 00004431 _____ C:\ProgramData\1469355928.172.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 00002928 _____ C:\ProgramData\1469355928.3196.bin
2016-07-24 17:25 - 2016-07-24 17:25 - 00037915 _____ C:\ProgramData\1469355918.bdinstall.bin
2016-07-24 01:13 - 2016-07-24 01:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-24 00:45 - 2016-07-24 00:45 - 00225330 _____ C:\ProgramData\1469295588.bdinstall.bin
2016-07-24 00:44 - 2009-07-14 22:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-07-24 00:30 - 2016-07-24 00:32 - 00000494 _____ C:\ProgramData\1469294993.2720.bin
2016-07-24 00:30 - 2016-07-24 00:30 - 00002049 _____ C:\ProgramData\1469294993.1704.bin
2016-07-24 00:29 - 2016-07-24 00:32 - 00040831 _____ C:\ProgramData\1469294993.2684.bin
2016-07-24 00:21 - 2016-07-24 00:21 - 00045499 _____ C:\ProgramData\1469294336.bdinstall.bin
2016-07-24 00:18 - 2016-07-24 00:40 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
2016-07-23 21:25 - 2016-08-07 19:19 - 00000000 ____D C:\Users\user\AppData\Roaming\dpkfjdig
2016-07-23 14:16 - 2016-07-24 15:56 - 00000000 ____D C:\Users\user\AppData\Roaming\jiycgqxf
2016-07-22 20:02 - 2016-07-24 15:56 - 00000000 ____D C:\Users\user\AppData\Roaming\hhodtwis
2016-07-19 14:18 - 2016-07-24 01:01 - 00000000 ____D C:\Users\user\AppData\Roaming\{14AA2211-31F8-4F67-5ACE-68B5861C958B}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 11:26 - 2007-02-17 04:42 - 00000000 ____D C:\Users\user
2020-03-31 11:19 - 2007-02-17 04:42 - 00262144 ___SH C:\Users\user\ntuser.dat.LOG2
2016-08-09 16:24 - 2014-07-06 13:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-09 16:22 - 2007-02-17 04:45 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000UA.job
2016-08-09 16:21 - 2016-01-25 22:32 - 00000266 _____ C:\Windows\Tasks\UpdateTask.job
2016-08-09 16:20 - 2014-03-26 21:38 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-09 16:01 - 2014-03-26 21:38 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-09 16:00 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-09 15:59 - 2009-07-14 11:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-09 15:59 - 2009-07-14 11:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-09 14:33 - 2016-03-05 20:05 - 00000000 ____D C:\Users\user\Downloads\Garena Plus
2016-08-08 22:46 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2016-08-08 22:40 - 2007-02-17 04:44 - 00000000 ____D C:\Program Files\WinRAR
2016-08-08 20:49 - 2010-11-21 04:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-08 17:22 - 2007-02-17 04:45 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000Core.job
2016-08-07 19:34 - 2007-02-17 04:56 - 00000000 ____D C:\Windows\PCHEALTH
2016-08-07 19:19 - 2016-07-02 17:50 - 00000000 ____D C:\Users\user\AppData\Roaming\msndgfdl
2016-08-07 19:19 - 2016-06-30 18:42 - 00000000 ____D C:\Users\user\AppData\Roaming\obehoaiy
2016-08-07 19:19 - 2016-06-23 15:06 - 00000000 ____D C:\Users\user\AppData\Roaming\odnnnvxe
2016-08-07 19:19 - 2016-06-19 18:22 - 00000000 ____D C:\Users\user\AppData\Roaming\drnjcmry
2016-08-07 19:19 - 2016-06-16 18:48 - 00000000 ____D C:\Users\user\AppData\Roaming\pndmagmv
2016-08-07 19:19 - 2016-06-11 00:13 - 00000000 ____D C:\Users\user\AppData\Roaming\dppfzonn
2016-08-07 19:19 - 2016-06-10 10:37 - 00000000 ____D C:\Users\user\AppData\Roaming\eglqkdrp
2016-08-07 19:19 - 2016-06-10 09:50 - 00000000 ____D C:\Users\user\AppData\Roaming\qrtrmnhp
2016-08-07 19:19 - 2016-06-07 12:11 - 00000000 ____D C:\Users\user\AppData\Roaming\mwcrnxvh
2016-08-07 19:19 - 2016-05-09 23:53 - 00000000 ____D C:\Users\user\AppData\Roaming\pznjzsar
2016-08-07 19:19 - 2016-05-07 11:09 - 00000000 ____D C:\Users\user\AppData\Roaming\pgiatadc
2016-08-07 19:19 - 2016-04-30 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\paymitiw
2016-08-07 19:19 - 2016-03-23 11:58 - 00000000 ____D C:\Users\user\AppData\Roaming\qqyudiyn
2016-08-07 19:19 - 2016-02-05 15:19 - 00000000 ____D C:\Users\user\AppData\Roaming\ejwptvtf
2016-08-07 19:19 - 2016-02-04 23:37 - 00000000 ____D C:\Users\user\AppData\Roaming\pqbgjbag
2016-08-07 19:19 - 2016-01-30 06:55 - 00000000 ____D C:\Users\user\AppData\Roaming\exablnnj
2016-08-07 19:19 - 2016-01-25 22:31 - 00000000 ____D C:\Users\user\AppData\Roaming\njsldbzk
2016-08-07 19:19 - 2016-01-08 15:39 - 00000000 ____D C:\Users\user\AppData\Roaming\ogsoakrf
2016-08-07 19:19 - 2015-12-08 23:10 - 00000000 ____D C:\Users\user\AppData\Roaming\ngxrzvvi
2016-08-07 19:19 - 2015-09-04 18:46 - 00000000 ____D C:\Users\user\AppData\Roaming\nkstybpw
2016-08-07 19:19 - 2015-03-18 08:14 - 00000000 ____D C:\Users\user\AppData\Roaming\fdlsmwyb
2016-08-07 19:19 - 2015-01-29 18:26 - 00000000 ____D C:\Users\user\AppData\Roaming\dtilzwxx
2016-08-07 19:19 - 2015-01-25 23:47 - 00000000 ____D C:\Users\user\AppData\Roaming\sctkfjqk
2016-08-07 19:19 - 2015-01-24 17:21 - 00000000 ____D C:\Users\user\AppData\Roaming\qqkbtsfc
2016-08-07 19:19 - 2007-02-15 07:49 - 00000000 ____D C:\Users\user\AppData\Roaming\phmxjpvs
2016-08-07 19:19 - 2007-02-15 00:20 - 00000000 ____D C:\Users\user\AppData\Roaming\psuoarzq
2016-08-07 19:19 - 2007-02-15 00:05 - 00000000 ____D C:\Users\user\AppData\Roaming\mwnekhqu
2016-08-07 17:45 - 2007-02-15 00:09 - 00000000 ____D C:\Users\user\Documents\~Tristan
2016-08-07 17:14 - 2007-02-17 05:02 - 00000000 __SHD C:\[Smad-Cage]
2016-08-07 16:23 - 2007-02-17 05:02 - 00000000 ____D C:\Program Files\SMADAV
2016-08-06 19:11 - 2015-12-26 08:21 - 00002412 _____ C:\Users\user\Desktop\Chromium.lnk
2016-08-05 16:20 - 2014-12-23 16:49 - 00000000 ____D C:\Program Files\Opera
2016-07-28 17:19 - 2007-02-17 05:02 - 00000000 ____D C:\Users\UpdatusUser
2016-07-28 02:25 - 2014-03-25 11:17 - 00406184 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-24 17:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2016-07-24 16:19 - 2009-07-14 11:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-24 16:19 - 2009-07-14 11:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-24 16:19 - 2009-07-14 11:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-24 16:19 - 2009-07-14 11:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-24 16:19 - 2007-02-17 05:40 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:37 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:35 - 00001349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2016-07-24 16:19 - 2007-02-17 05:34 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:30 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:06 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-24 16:19 - 2007-02-17 04:48 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-07-24 16:19 - 2007-02-17 04:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-24 16:19 - 2007-02-17 04:35 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-24 16:17 - 2016-03-05 20:20 - 00000987 _____ C:\Users\Public\Desktop\PointBlank Garena.lnk
2016-07-24 16:17 - 2016-03-05 20:06 - 00000909 _____ C:\Users\Public\Desktop\Garena+.lnk
2016-07-24 16:17 - 2014-03-26 21:41 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-07-24 16:17 - 2014-03-25 11:38 - 00001053 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-07-24 16:17 - 2014-03-25 11:37 - 00002230 _____ C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
2016-07-24 16:17 - 2014-03-25 11:37 - 00001188 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1050 J410 series.lnk
2016-07-24 16:17 - 2014-03-25 11:37 - 00001183 _____ C:\Users\Public\Desktop\HP Deskjet 1050 J410 series Scan.lnk
2016-07-24 16:17 - 2007-02-17 05:22 - 00002652 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2016-07-24 16:17 - 2007-02-17 05:05 - 00001229 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2016-07-24 16:17 - 2007-02-17 05:04 - 00001793 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-07-24 16:17 - 2007-02-17 04:51 - 00002061 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
2016-07-24 16:17 - 2007-02-17 04:48 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-07-24 16:17 - 2007-02-17 04:47 - 00001065 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-07-24 16:16 - 2009-07-14 11:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-24 16:16 - 2009-07-14 11:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-24 16:15 - 2016-06-16 18:50 - 00001095 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk
2016-07-24 16:15 - 2016-06-16 18:50 - 00001093 _____ C:\Users\user\Desktop\LINE.lnk
2016-07-24 16:15 - 2007-02-17 05:41 - 00001083 _____ C:\Users\user\Desktop\Adobe Photoshop CS3.lnk
2016-07-24 16:15 - 2007-02-17 05:13 - 00002105 _____ C:\Users\user\Desktop\Microsoft Security Essentials.lnk
2016-07-24 16:15 - 2007-02-17 04:47 - 00001095 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-24 16:14 - 2014-06-19 15:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-24 16:11 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\Offline Web Pages
2016-07-24 15:57 - 2014-06-06 10:32 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-24 15:56 - 2016-07-09 22:00 - 00000000 ____D C:\Users\user\AppData\Roaming\jszaqsdn
2016-07-24 15:56 - 2016-07-09 11:22 - 00000000 ____D C:\Users\user\AppData\Roaming\iysqhvos
2016-07-24 15:56 - 2016-06-28 18:53 - 00000000 ____D C:\Users\user\AppData\Roaming\tudychlo
2016-07-24 15:56 - 2016-06-25 13:18 - 00000000 ____D C:\Users\user\AppData\Roaming\mczxjfww
2016-07-24 15:56 - 2016-06-23 18:58 - 00000000 ____D C:\Users\user\AppData\Roaming\llgmebag
2016-07-24 15:56 - 2016-06-21 14:14 - 00000000 ____D C:\Users\user\AppData\Roaming\kwmkvswy
2016-07-24 15:56 - 2016-06-20 16:09 - 00000000 ____D C:\Users\user\AppData\Roaming\lyfntkze
2016-07-24 15:56 - 2016-06-20 03:26 - 00000000 ____D C:\Users\user\AppData\Roaming\khitfriy
2016-07-24 15:56 - 2016-06-14 23:50 - 00000000 ____D C:\Users\user\AppData\Roaming\hifmqnmr
2016-07-24 15:56 - 2016-06-13 22:10 - 00000000 ____D C:\Users\user\AppData\Roaming\weoxfgff
2016-07-24 15:56 - 2016-06-13 00:33 - 00000000 ____D C:\Users\user\AppData\Roaming\wizfnskg
2016-07-24 15:56 - 2016-06-11 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\wfzwertg
2016-07-24 15:56 - 2016-06-08 22:11 - 00000000 ____D C:\Users\user\AppData\Roaming\kyjriprf
2016-07-24 15:56 - 2016-06-08 19:02 - 00000000 ____D C:\Users\user\AppData\Roaming\wpfbosnz
2016-07-24 15:56 - 2016-06-07 22:22 - 00000000 ____D C:\Users\user\AppData\Roaming\vzsfmmuy
2016-07-24 15:56 - 2016-06-05 17:37 - 00000000 ____D C:\Users\user\AppData\Roaming\zeclmbcn
2016-07-24 15:56 - 2016-05-21 12:30 - 00000000 ____D C:\Users\user\AppData\Roaming\jqcscksz
2016-07-24 15:56 - 2016-05-20 18:12 - 00000000 ____D C:\Users\user\AppData\Roaming\jmcseecw
2016-07-24 15:56 - 2016-05-19 21:55 - 00000000 ____D C:\Users\user\AppData\Roaming\rfwxotjv
2016-07-24 15:56 - 2016-05-18 11:49 - 00000000 ____D C:\Users\user\AppData\Roaming\yeemeyrz
2016-07-24 15:56 - 2016-05-14 16:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ukiwnkwh
2016-07-24 15:56 - 2016-05-13 18:47 - 00000000 ____D C:\Users\user\AppData\Roaming\smxnbqwz
2016-07-24 15:56 - 2016-05-13 00:14 - 00000000 ____D C:\Users\user\AppData\Roaming\hyaknpgr
2016-07-24 15:56 - 2016-05-09 21:31 - 00000000 ____D C:\Users\user\AppData\Roaming\rqwlagzv
2016-07-24 15:56 - 2016-05-09 15:22 - 00000000 ____D C:\Users\user\AppData\Roaming\khcqwzex
2016-07-24 15:56 - 2016-05-08 12:57 - 00000000 ____D C:\Users\user\AppData\Roaming\wvcylmez
2016-07-24 15:56 - 2016-05-05 09:33 - 00000000 ____D C:\Users\user\AppData\Roaming\tpxxfkez
2016-07-24 15:56 - 2016-05-01 12:55 - 00000000 ____D C:\Users\user\AppData\Roaming\jpcbosga
2016-07-24 15:56 - 2016-04-30 12:11 - 00000000 ____D C:\Users\user\AppData\Roaming\jxmzyuhg
2016-07-24 15:56 - 2016-04-29 12:41 - 00000000 ____D C:\Users\user\AppData\Roaming\rvbtmcpd
2016-07-24 15:56 - 2016-04-29 07:35 - 00000000 ____D C:\Users\user\AppData\Roaming\uncyukvx
2016-07-24 15:56 - 2016-04-27 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\utqwaabt
2016-07-24 15:56 - 2016-04-26 13:20 - 00000000 ____D C:\Users\user\AppData\Roaming\khohcbcf
2016-07-24 15:56 - 2016-04-16 17:23 - 00000000 ____D C:\Users\user\AppData\Roaming\ydmzxymn
2016-07-24 15:56 - 2016-04-16 13:51 - 00000000 ____D C:\Users\user\AppData\Roaming\tmmgvyaw
2016-07-24 15:56 - 2016-03-05 23:28 - 00000000 ____D C:\Users\user\AppData\Roaming\zhxudnfs
2016-07-24 15:56 - 2016-02-28 10:14 - 00000000 ____D C:\Users\user\AppData\Roaming\hhvyilre
2016-07-24 15:56 - 2016-02-16 22:21 - 00000000 ____D C:\Users\user\AppData\Roaming\rylwivpy
2016-07-24 15:56 - 2016-02-03 21:29 - 00000000 ____D C:\Users\user\AppData\Roaming\lckxgbnl
2016-07-24 15:56 - 2016-01-19 07:14 - 00000000 ____D C:\Users\user\AppData\Roaming\zufgqdjd
2016-07-24 15:56 - 2016-01-18 15:20 - 00000000 ____D C:\Users\user\AppData\Roaming\wiqhcopk
2016-07-24 15:56 - 2016-01-17 23:51 - 00000000 ____D C:\Users\user\AppData\Roaming\yriyuyqe
2016-07-24 15:56 - 2016-01-09 17:48 - 00000000 ____D C:\Users\user\AppData\Roaming\xhdacobf
2016-07-24 15:56 - 2016-01-03 17:43 - 00000000 ____D C:\Users\user\AppData\Roaming\xmymnwcq
2016-07-24 15:56 - 2015-12-21 13:13 - 00000000 ____D C:\Users\user\AppData\Roaming\jvjryrdj
2016-07-24 15:56 - 2015-12-12 18:25 - 00000000 ____D C:\Users\user\AppData\Roaming\yjbjsldi
2016-07-24 15:56 - 2015-12-12 16:18 - 00000000 ____D C:\Users\user\AppData\Roaming\vhexrplv
2016-07-24 15:56 - 2015-12-09 22:49 - 00000000 ____D C:\Users\user\AppData\Roaming\wtokpfxb
2016-07-24 15:56 - 2015-12-08 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\kykzebmk
2016-07-24 15:56 - 2015-11-02 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\ywztptwt
2016-07-24 15:56 - 2015-06-01 21:29 - 00000000 ____D C:\Users\user\AppData\Roaming\rukatgqq
2016-07-24 15:56 - 2015-05-12 01:43 - 00000000 ____D C:\Users\user\AppData\Roaming\vilkvkey
2016-07-24 15:56 - 2015-03-13 13:44 - 00000000 ____D C:\Users\user\AppData\Roaming\ymxuurqw
2016-07-24 15:56 - 2015-02-12 05:35 - 00000000 ____D C:\Users\user\AppData\Roaming\uzaivaga
2016-07-24 15:56 - 2015-02-11 15:30 - 00000000 ____D C:\Users\user\AppData\Roaming\sfuajixl
2016-07-24 15:56 - 2007-02-15 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\gsetnxvb
2016-07-24 15:56 - 2007-02-15 00:21 - 00000000 ____D C:\Users\user\AppData\Roaming\gieqhyep
2016-07-24 15:56 - 2007-02-15 00:02 - 00000000 ____D C:\Users\user\AppData\Roaming\uhozzgjt
2016-07-24 15:11 - 2016-02-28 21:16 - 00000000 ____D C:\Users\user\AppData\Roaming\dbzduqyv
2016-07-24 01:58 - 2016-06-24 13:05 - 00000000 ____D C:\Users\user\AppData\Roaming\bxixwxep
2016-07-24 01:58 - 2016-05-06 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\cjgastms
2016-07-24 01:58 - 2016-04-24 23:09 - 00000000 ____D C:\Users\user\AppData\Roaming\buigcvgm
2016-07-24 01:53 - 2016-06-11 22:22 - 00000000 ____D C:\Users\user\AppData\Roaming\bsefpbza
2016-07-24 01:53 - 2015-05-05 05:33 - 00000000 ____D C:\Users\user\AppData\Roaming\bhiecivx
2016-07-24 01:48 - 2016-06-15 22:56 - 00000000 ____D C:\Users\user\AppData\Roaming\awcjfxtm
2016-07-24 01:48 - 2015-04-28 17:47 - 00000000 ____D C:\Users\user\AppData\Roaming\afwjzugr
2016-07-24 01:43 - 2016-02-26 20:03 - 00000000 ____D C:\ProgramData\80549ce9
2016-07-24 00:22 - 2007-02-17 05:06 - 00002127 _____ C:\Windows\epplauncher.mif
2016-07-22 20:19 - 2015-01-23 22:01 - 00000327 _____ C:\Users\user\AppData\Roaming\WB.CFG

==================== Files in the root of some directories =======

2007-02-15 00:05 - 2007-02-15 00:05 - 6420480 _____ () C:\Program Files\GUT41AE.tmp
2015-02-12 10:20 - 2015-02-12 10:20 - 6103040 _____ () C:\Program Files\GUT7069.tmp
2007-02-15 00:08 - 2007-02-15 00:08 - 0000000 _____ () C:\Program Files\GUTD588.tmp
2015-05-22 00:31 - 2007-02-15 00:11 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-04-28 15:38 - 2015-05-22 00:26 - 0000020 _____ () C:\Users\user\AppData\Roaming\appdataFr3.bin
2014-12-23 21:41 - 2014-12-23 21:41 - 0138056 _____ () C:\Users\user\AppData\Roaming\PnkBstrK.sys
2015-01-23 22:01 - 2016-07-22 20:19 - 0000327 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2016-08-07 17:31 - 2016-08-07 17:31 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-23 18:28 - 2014-08-23 18:28 - 0000000 _____ () C:\Users\user\AppData\Local\{021E2386-759F-43C7-93D9-3D5BF70A0319}
2014-02-19 15:02 - 2014-02-19 15:02 - 0000000 _____ () C:\Users\user\AppData\Local\{5C8F489D-835A-451E-AAFA-E6B0E4953A05}
2014-05-29 13:35 - 2014-05-29 13:36 - 0000000 _____ () C:\Users\user\AppData\Local\{A76B11C5-E75C-4DE6-AA0C-DD6FC1E47834}
2016-07-24 00:21 - 2016-07-24 00:21 - 0045499 _____ () C:\ProgramData\1469294336.bdinstall.bin
2016-07-24 00:30 - 2016-07-24 00:30 - 0002049 _____ () C:\ProgramData\1469294993.1704.bin
2016-07-24 00:29 - 2016-07-24 00:32 - 0040831 _____ () C:\ProgramData\1469294993.2684.bin
2016-07-24 00:30 - 2016-07-24 00:32 - 0000494 _____ () C:\ProgramData\1469294993.2720.bin
2016-07-24 00:45 - 2016-07-24 00:45 - 0225330 _____ () C:\ProgramData\1469295588.bdinstall.bin
2016-07-24 17:25 - 2016-07-24 17:25 - 0037915 _____ () C:\ProgramData\1469355918.bdinstall.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0004431 _____ () C:\ProgramData\1469355928.172.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0045125 _____ () C:\ProgramData\1469355928.2132.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0002928 _____ () C:\ProgramData\1469355928.3196.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0042049 _____ () C:\ProgramData\1469355928.3948.bin

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\user\AppData\Local\Temp\d45bf640ca3c263b5d4928241c7a8e35.dll
C:\Users\user\AppData\Local\Temp\eauninstall.exe
C:\Users\user\AppData\Local\Temp\ggspawn1556635582.dll
C:\Users\user\AppData\Local\Temp\ggspawn770000468.dll
C:\Users\user\AppData\Local\Temp\openvpn.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1003_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1004_11.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1005.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1006.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1007.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1008_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1009.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1010.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1011.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1012.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1013_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1014.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1015_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1016_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1017.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1018.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1019.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1020.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1021.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1022.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1023.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1024.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1025_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1026.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1027.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1028.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1029.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1030.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1031.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1032.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1033.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1034.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1035.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1036.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1037.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1038_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1039.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1040.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1041.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1042.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1043.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1044.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1045.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1046.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1047.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1048.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1049_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1050.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1051.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1052_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1053.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1054.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1055.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1056.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1057.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1058.exe
C:\Users\user\AppData\Local\Temp\tapinstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe
[2010-11-21 04:29] - [2010-11-20 03:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:29] - [2010-11-20 03:21] - 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-06 08:13

==================== End of FRST.txt ============================

 

Sixth, and it is all i can give to you. Thank you so much kevin for helping me, im waiting on your next reply ;)


 

Link to post
Share on other sites

Run FRST one more time:

Type the following in the edit box after "Search:".

winlogon.exe

Click Search button and post the log (Search.txt) it makes to your reply.

Next,

Run FRST one more time:

Type the following in the edit box after "Search:".

User32.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Post those two produced logs in your reply....

Link to post
Share on other sites

9 minutes ago, kevinf80 said:

 

search.txt ( winlogon )

Farbar Recovery Scan Tool (x86) Version: 09-08-2016
Ran by user (2016-08-09 18:24:53)
Running from C:\Users\user\Desktop
Boot Mode: Normal

================== Search Files: "User32.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-21 04:29][2010-11-21 04:29] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 [File is digitally signed]

C:\Windows\System32\user32.dll
[2010-11-21 04:29][2010-11-20 03:21] 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29 [File not signed]

C:\Windows\KJ\Pirate\T\x86T\user32.dll
[2007-02-17 05:08][2010-11-20 03:21] 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29 [File not signed]

C:\Windows\KJ\Pirate\T\x64T\user32.dll
[2007-02-17 05:08][2011-01-16 07:01] 1008640 ____A (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF [File not signed]

C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll
[2007-02-17 05:08][2010-11-20 03:08] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 [File not signed]

C:\Windows\KJ\Pirate\P\x86P\user32.dll
[2007-02-17 05:08][2010-11-20 03:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 [File is digitally signed]

C:\Windows\KJ\Pirate\P\x64P\user32.dll
[2007-02-17 05:08][2010-11-20 04:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B [File not signed]

C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll
[2007-02-17 05:08][2010-11-20 03:08] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 [File not signed]

====== End of Search ======

 

search.txt ( user32 )

Farbar Recovery Scan Tool (x86) Version: 09-08-2016
Ran by user (2016-08-09 18:22:19)
Running from C:\Users\user\Desktop
Boot Mode: Normal

================== Search Files: "winlogon.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010-11-21 04:29][2010-11-21 04:29] 0286720 ____N (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560 [File is digitally signed]

C:\Windows\System32\winlogon.exe
[2010-11-21 04:29][2010-11-20 03:17] 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A [File not signed]

C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2016-08-09 15:06][2016-03-10 14:07] 0960480 ____A (MalwareBytes) F86A4139730504047F52CCFB8C47E9F5 [File is digitally signed]

====== End of Search ======

 

Link to post
Share on other sites

Addition_09-08-2016_16-30-07.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016
Ran by user (2016-08-09 16:28:42)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2007-02-16 21:40:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3897908082-2070258231-4265155790-500 - Administrator - Disabled)
Guest (S-1-5-21-3897908082-2070258231-4265155790-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3897908082-2070258231-4265155790-1001 - Limited - Enabled) => C:\Users\UpdatusUser
user (S-1-5-21-3897908082-2070258231-4265155790-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Chromium (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Chromium) (Version: 46.0.2470.0 - Chromium)
Counter-Strike 1.6 (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Counter-Strike 1.6) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Foxtab (HKLM\...\Foxtab) (Version:  - Foxtab) <==== ATTENTION
Garena - PointBlank ID (HKLM\...\PBID) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.28.5039 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPRewriter2 (HKLM\...\HPRewriter2) (Version:  - )
K-Lite Codec Pack 7.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LINE (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\LINE) (Version: 4.8.0.1097 - LINE Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nero 7 Premium (HKLM\...\{4781569D-5404-1F26-4B2B-6DF444441031}) (Version: 7.00.0087 - Nero AG)
NVIDIA Graphics Driver 307.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.74 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 39.0.2256.48 (HKLM\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6828 - Realtek Semiconductor Corp.)
Search Provided by Yahoo (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\YahooProvidedSearch) (Version:  - ) <==== ATTENTION
SMADAV version 9.6.1 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 9.6.1 - SmadSoft)
UltraISO Premium V9.35 (HKLM\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Winamp (HKLM\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - ASIX (AX88772) Net  (06/10/2009 3.12.3.2) (HKLM\...\3720AB563DCFC005C5FB669FF957E87941CF80E6) (Version: 06/10/2009 3.12.3.2 - ASIX)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde}\InprocServer32 -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\user\AppData\Local\Chromium\Application\46.0.2470.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\googletalkax.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\user\AppData\Local\Chromium\Application\46.0.2470.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\o1dax.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E93579-5FEA-4718-A3BB-5C4B5EBB481A} - System32\Tasks\Garena+ Plugin Host Service => C:\Users\user\Downloads\Garena Plus\ggdllhost.exe [2016-02-22] ()
Task: {0E26943A-E58D-4D36-9ED9-191631BCCFF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {16D4A03B-6672-436D-922E-D1BDE06336B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {189F871F-7689-4B16-BC34-7EA1AC36071C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2007-02-15] (Google Inc.)
Task: {1A69E56C-C44D-4B29-9A13-8D1C0282506A} - System32\Tasks\UpdateTask => C:\Users\user\AppData\Local\{804AB~1\UNINST~1.EXE
Task: {1C1E0E67-A92A-4705-B5BE-3F8DF7077DEE} - System32\Tasks\{730A0B80-DE7E-4936-9138-9D4E43D39543} => pcalua.exe -a "C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {1CD82678-09D3-4DE7-987D-516F812E5DBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-03] (Adobe Systems Incorporated)
Task: {2290A225-5460-4BD0-9B6B-BBCC737CCAF4} - \{CA13FAB3-5290-0682-FAF4-587B10AA7A33} -> No File <==== ATTENTION
Task: {27F89AFD-62F3-4A46-A5A5-66D8D7E1574F} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2014-01-21] (Smadsoft)
Task: {2ABAF70E-261F-40D0-A37B-171C14AF678F} - \Superclean -> No File <==== ATTENTION
Task: {32471D25-BE59-490D-8A8C-2461921F46C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2007-02-15] (Google Inc.)
Task: {37CE6EA3-8CFD-4B23-A5E5-747AD27D33BD} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {3B25E983-9659-4E18-931C-60CCC01B98ED} - \Foxtab -> No File <==== ATTENTION
Task: {4784428D-4A1E-4F89-AB5A-CB63F613A353} - System32\Tasks\{889C5A91-D264-4550-95DA-196724F7C8A4} => pcalua.exe -a "C:\Program Files\SaverExtEnsiion\Vr4g4Bn5Im26F4.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {4E3DC8E8-8ADB-458D-B424-2341DB69A79B} - System32\Tasks\Opera scheduled Autoupdate 1419328534 => C:\Program Files\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {4F59613F-0625-44F5-9617-34AE48DE87A7} - \{6154B54B-F7CE-82CD-9B38-E9FC1188F970} -> No File <==== ATTENTION
Task: {62443B58-82F0-4E28-BF23-B0CF11003B2F} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {933777CA-154F-46E3-88AE-8D8110E51AB8} - System32\Tasks\{7095882C-55D6-48B6-830A-B40748EB391E} => pcalua.exe -a "C:\Program Files\SalePlus\MHYQf5xAfdtoPP.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {B43DC576-11B7-433E-B995-4612E9879C47} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {B652DE0D-87F6-4397-B81C-63796FA72B37} - System32\Tasks\{37495DE7-5931-4CAE-A82A-E4C275C0BED8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/id/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {CAFAEC6E-0724-4CF4-A6D8-090931C5D98B} - \userCentrifugallyKingwoodV2 -> No File <==== ATTENTION
Task: {DB6E221A-5F52-4883-8697-B89D8ADDF082} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\user\AppData\Local\{804AB~1\UNINST~1.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{6C95E218-B32A-4955-88CA-65FCA3BE5F25}\SupportTasks\1\Support.lnk -> hxxp://support.ea.com/
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{6C95E218-B32A-4955-88CA-65FCA3BE5F25}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ea.com/nfs/carbon/us/home.jsp/

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2007-02-17 05:02 - 2013-01-03 15:38 - 00079800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-02-22 18:24 - 2016-02-22 18:24 - 00174632 _____ () C:\Users\user\Downloads\Garena Plus\ggdllhost.exe
2016-02-24 18:15 - 2016-03-30 14:33 - 03310632 _____ () C:\Users\user\Downloads\Garena Plus\ggspawn.dll
2016-08-09 14:56 - 2016-08-03 07:24 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 14:56 - 2016-08-03 07:23 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-09 14:56 - 2016-08-03 06:54 - 17602240 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Innosvcd => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SoftonicAssistant => "C:\Users\user\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF55DF36-3B3A-4195-8EC7-93CBC3064418}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7FB1DA94-24AC-49C8-9BB4-25F1440F5EB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C4E7657D-D846-431A-B375-DF72F21C43D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{B75F92AB-5253-4440-9654-94F45745A5FD}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{32B99E46-7CA4-4D35-B7EC-73B5E40E177A}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{B5EBD52A-8A6C-495C-8914-45C0D8B7BB49}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{84844E85-F746-4836-9F8B-2DD4DC6BBFF7}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{CDE097F3-B5C0-47CF-8440-9B34E38C38FC}] => (Allow) C:\Gemscool\PointBlank\PointBlank.exe
FirewallRules: [{63FE68A2-2AEF-4A9D-B30D-D8E5F745C104}] => (Allow) C:\Gemscool\PointBlank\PointBlank.exe
FirewallRules: [{219D2E55-3CA6-4E0A-AAFD-9EB3D5D8438C}] => (Allow) C:\Windows\System32\innogmp.exe
FirewallRules: [{057FE20A-96B0-4751-B20B-11B4921E3A22}] => (Allow) C:\Windows\System32\innogmp.exe
FirewallRules: [{58BC5D0F-05D4-4393-8AC2-4F3D8B5B6AE8}] => (Allow) C:\Windows\System32\innosvcd.exe
FirewallRules: [{AFE59780-6795-4CA7-93E1-D36C420077A1}] => (Allow) C:\Windows\System32\innosvcd.exe
FirewallRules: [TCP Query User{BA77D0C4-8BA4-42D5-888D-071A3EFA81A1}C:\program files\microsoft games\rise of nations\nations.exe] => (Block) C:\program files\microsoft games\rise of nations\nations.exe
FirewallRules: [UDP Query User{ADF314B4-57CB-4C37-A8B2-C4FBCF5D8195}C:\program files\microsoft games\rise of nations\nations.exe] => (Block) C:\program files\microsoft games\rise of nations\nations.exe
FirewallRules: [{5BAC8B25-CAEA-44CA-AC62-BCCB1A4454EE}] => (Allow) C:\Users\user\LINE\Line.exe
FirewallRules: [{8E037D6B-A56A-49DC-AC85-49C97F23D196}] => (Allow) C:\Users\user\LINE\Line.exe
FirewallRules: [TCP Query User{ACF23A73-DF3A-4A9C-88B4-1F2434E975EE}E:\easysetupassistant\wr842n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr842n\easysetupassistant.exe
FirewallRules: [UDP Query User{6DC0004E-BF93-439A-9AC5-358BE88AAF78}E:\easysetupassistant\wr842n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr842n\easysetupassistant.exe
FirewallRules: [TCP Query User{3BDA6D35-A246-40EF-9DBD-3A68E0DE01B8}E:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [UDP Query User{5CB6CF52-D25A-492C-B1DE-4228A01866FE}E:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [{49B543D8-97BE-4320-841D-3B84E06D9A7B}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{43209761-FBEB-45A9-94E8-1C177053DE33}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{189DCB94-AA42-4442-BB16-8219FA1D0CC6}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{CB910983-84C6-4797-B31C-184E11836320}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{33FB15B6-FE57-4E5C-88B7-40AC1C133776}C:\users\user\line\line.exe] => (Allow) C:\users\user\line\line.exe
FirewallRules: [UDP Query User{6F6AA9AA-4E2B-49DE-9C0B-95422BB078C8}C:\users\user\line\line.exe] => (Allow) C:\users\user\line\line.exe
FirewallRules: [{AB130FB7-6DF0-4F95-8354-EA486AECD18F}] => (Allow) C:\Users\user\Downloads\pbidInstaller.exe
FirewallRules: [{3C77BF32-775D-4F97-AC00-88C4589F710B}] => (Allow) C:\Users\user\Downloads\pbidInstaller.exe
FirewallRules: [{2BAB82FB-D3EC-4C36-A74B-AEB2443AE04E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{01735BC0-0E8A-490A-B7DA-907629A919AC}] => (Allow) C:\Program Files\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{8B76514A-9257-4DEA-B24A-15B398F44CDE}C:\program files\garena plus\garenamessenger.exe] => (Block) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{384E1056-A49F-4794-B992-C994FC63F05E}C:\program files\garena plus\garenamessenger.exe] => (Block) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [{14963CF9-3B1A-4CBC-BD62-FC79185AEB6B}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{BB9D7551-A836-477C-8240-9BAB8D28C62B}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [TCP Query User{D1076D46-7E84-44B9-A77D-39211AF00693}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{3A4AA64A-E86C-418B-BE31-DCD17C182CEF}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{ABAE53C1-E284-426E-9D54-95BA45E962BA}C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{9560033A-3E3F-40CE-882F-2AB0D60A7578}C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{A3FC8368-32A4-4704-BCC6-E738D707DCC1}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{1BC205D3-E569-40FB-B391-5D435DBE7423}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [{3716CDE8-4C40-4103-AEFC-83908367A28B}] => (Allow) C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{0352C2C4-F36F-4961-B2E4-FFFE3C05E413}C:\program files\novalogic\delta force xtreme\dfx.exe] => (Block) C:\program files\novalogic\delta force xtreme\dfx.exe
FirewallRules: [UDP Query User{AC0ACF9C-D4AA-4E4A-B848-7E96534DF905}C:\program files\novalogic\delta force xtreme\dfx.exe] => (Block) C:\program files\novalogic\delta force xtreme\dfx.exe
FirewallRules: [{85C224FA-F8A8-4775-81F3-5A083E26182B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D0223D83-91F4-40EC-84FE-2637BE3AB8C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{32785A94-E0CB-4062-B53B-B08A5708E786}] => (Allow) C:\GarenaDownload\Games\pbid\pbidInstaller.exe
FirewallRules: [{759A500F-3DF2-466D-8BFA-AFDADE9E6819}] => (Allow) C:\GarenaDownload\Games\pbid\pbidInstaller.exe
FirewallRules: [TCP Query User{7D2F11DA-C6AA-43B2-A96E-A70225FD0986}C:\users\user\downloads\garena plus\garenamessenger.exe] => (Allow) C:\users\user\downloads\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{8DC531C2-84B6-42C9-A51A-96AE56201C02}C:\users\user\downloads\garena plus\garenamessenger.exe] => (Allow) C:\users\user\downloads\garena plus\garenamessenger.exe
FirewallRules: [{936B575F-183B-4B0C-B39A-5D218BB00D6E}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{E2F4FCAC-10F2-4254-860B-A08502ED41F8}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{76FCD2F5-A9EA-4A22-BD9D-07FBEA1D3A66}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{947B6388-796E-4183-A363-17B08C488DF9}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{8EBB87C4-EDBD-46BE-BA30-BFD0F7751003}] => (Allow) %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{85531843-DBB2-45B0-82D4-7FF335F85BA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-08-2016 16:24:07 Windows Update
07-08-2016 16:23:42 Microsoft Antimalware Checkpoint
07-08-2016 20:52:59 Device Driver Package Install: Anvisoft Network Service
09-08-2016 14:34:44 Windows Update
09-08-2016 15:41:34 Microsoft Antimalware Checkpoint

==================== Faulty Device Manager Devices =============

Name: MpKsl0194d930
Description: MpKsl0194d930
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl0194d930
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2016 04:02:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2016 02:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2016 07:36:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2016 05:16:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winamp.exe, version: 5.6.1.3133, time stamp: 0x4d88ec8b
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000005
Fault offset: 0x00032239
Faulting process id: 0xb3c
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3

Error: (08/07/2016 04:23:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fd5d3c35-1572-49d1-9948-57eab037a8cf}

Error: (08/07/2016 04:22:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2016 10:18:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2016 08:46:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PokemonGo.RocketAPI.Console.exe, version: 3.6.0.0, time stamp: 0x57a08479
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0
Exception code: 0xe0434352
Fault offset: 0x0000b760
Faulting process id: 0xb04
Faulting application start time: 0xPokemonGo.RocketAPI.Console.exe0
Faulting application path: PokemonGo.RocketAPI.Console.exe1
Faulting module path: PokemonGo.RocketAPI.Console.exe2
Report Id: PokemonGo.RocketAPI.Console.exe3

Error: (08/06/2016 08:46:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PokemonGo.RocketAPI.Console.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at PokemonGo.RocketAPI.Console.Program.Main(System.String[])

Error: (08/06/2016 08:45:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PokemonGo.RocketAPI.Console.exe, version: 3.6.0.0, time stamp: 0x57a08479
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0
Exception code: 0xe0434352
Fault offset: 0x0000b760
Faulting process id: 0x1014
Faulting application start time: 0xPokemonGo.RocketAPI.Console.exe0
Faulting application path: PokemonGo.RocketAPI.Console.exe1
Faulting module path: PokemonGo.RocketAPI.Console.exe2
Report Id: PokemonGo.RocketAPI.Console.exe3


System errors:
=============
Error: (08/09/2016 04:01:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
InCDPass
InCDRm

Error: (08/09/2016 04:01:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CutterModule service to connect.

Error: (08/09/2016 02:59:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWriter Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/09/2016 02:19:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
InCDPass
InCDRm

Error: (08/09/2016 02:19:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CutterModule service to connect.

Error: (08/07/2016 07:36:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
InCDPass
InCDRm

Error: (08/07/2016 07:35:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CutterModule service to connect.

Error: (08/07/2016 04:45:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (08/07/2016 04:24:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/07/2016 04:24:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
  Date: 2016-08-09 16:16:59.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 16:00:51.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 15:59:01.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 14:59:18.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 14:41:38.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 14:28:29.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 14:19:19.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-08 23:05:49.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-08 22:54:30.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-08 22:48:55.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 84%
Total physical RAM: 1023.3 MB
Available physical RAM: 156.51 MB
Total Virtual: 6023.3 MB
Available Virtual: 4760.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.26 GB) (Free:26.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:80.69 GB) (Free:80.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 2D6D77B5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=80.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Link to post
Share on other sites

Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on user posted image Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

user posted image

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

user posted image

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

user posted image

In the new window select "Scan"

user posted image

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

user posted image

On that screen select and highlite the scan details line, then select "Open Report"

user posted image

Copy and paste that log to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt  under "Optional scan" Select scan, when done post the new logs....
 

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin....

 

Fixlist.txt

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Link to post
Share on other sites

Yes LKGC is the way to go as you`ve got your system running again, the only issue is possible re-infection..... lets run FRST and see what the logs show:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt  under "Optional scan" Select scan, when done post the new logs....
 

 

Link to post
Share on other sites

okay this is weird, but after the adwcleaner done, i was checking the elements which i want to keep. and then the zemana windows appear to the top and said that there was an another suspicious files or programs i dont know but it said that i need to repair it and apply it. so i was apply it and the browser ( chrome ) was shut down. and i was opened the chrome again and yes, the adware was gone. but im still not sure if its absolutely gone or still on my pc but didnt appear. i was opened mozilla too and the adware was gone too. so, what do you think i need to do now ? should i continue the progress or i post the fixlog.txt or the report from the zemana ? let me post the fixlog.txt

 

fixlog.txt ( green )

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016 01
Ran by user (2016-08-10 14:50:09) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Replace: C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe C:\Windows\System32\winlogon.exe
Replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll C:\Windows\System32\user32.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\..\Interfaces\{18D9B629-713A-47D4-A18A-8D9C82BAB74E}: [DhcpNameServer] 61.247.0.133 61.247.0.130 202.73.99.4 202.73.99.2
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
R3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
2016-07-23 21:25 - 2016-08-07 19:19 - 00000000 ____D C:\Users\user\AppData\Roaming\dpkfjdig
2016-07-23 14:16 - 2016-07-24 15:56 - 00000000 ____D C:\Users\user\AppData\Roaming\jiycgqxf
2016-07-22 20:02 - 2016-07-24 15:56 - 00000000 ____D C:\Users\user\AppData\Roaming\hhodtwis
2016-07-19 14:18 - 2016-07-24 01:01 - 00000000 ____D C:\Users\user\AppData\Roaming\{14AA2211-31F8-4F67-5ACE-68B5861C958B}
2016-08-07 19:19 - 2016-07-02 17:50 - 00000000 ____D C:\Users\user\AppData\Roaming\msndgfdl
2016-08-07 19:19 - 2016-06-30 18:42 - 00000000 ____D C:\Users\user\AppData\Roaming\obehoaiy
2016-08-07 19:19 - 2016-06-23 15:06 - 00000000 ____D C:\Users\user\AppData\Roaming\odnnnvxe
2016-08-07 19:19 - 2016-06-19 18:22 - 00000000 ____D C:\Users\user\AppData\Roaming\drnjcmry
2016-08-07 19:19 - 2016-06-16 18:48 - 00000000 ____D C:\Users\user\AppData\Roaming\pndmagmv
2016-08-07 19:19 - 2016-06-11 00:13 - 00000000 ____D C:\Users\user\AppData\Roaming\dppfzonn
2016-08-07 19:19 - 2016-06-10 10:37 - 00000000 ____D C:\Users\user\AppData\Roaming\eglqkdrp
2016-08-07 19:19 - 2016-06-10 09:50 - 00000000 ____D C:\Users\user\AppData\Roaming\qrtrmnhp
2016-08-07 19:19 - 2016-06-07 12:11 - 00000000 ____D C:\Users\user\AppData\Roaming\mwcrnxvh
2016-08-07 19:19 - 2016-05-09 23:53 - 00000000 ____D C:\Users\user\AppData\Roaming\pznjzsar
2016-08-07 19:19 - 2016-05-07 11:09 - 00000000 ____D C:\Users\user\AppData\Roaming\pgiatadc
2016-08-07 19:19 - 2016-04-30 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\paymitiw
2016-08-07 19:19 - 2016-03-23 11:58 - 00000000 ____D C:\Users\user\AppData\Roaming\qqyudiyn
2016-08-07 19:19 - 2016-02-05 15:19 - 00000000 ____D C:\Users\user\AppData\Roaming\ejwptvtf
2016-08-07 19:19 - 2016-02-04 23:37 - 00000000 ____D C:\Users\user\AppData\Roaming\pqbgjbag
2016-08-07 19:19 - 2016-01-30 06:55 - 00000000 ____D C:\Users\user\AppData\Roaming\exablnnj
2016-08-07 19:19 - 2016-01-25 22:31 - 00000000 ____D C:\Users\user\AppData\Roaming\njsldbzk
2016-08-07 19:19 - 2016-01-08 15:39 - 00000000 ____D C:\Users\user\AppData\Roaming\ogsoakrf
2016-08-07 19:19 - 2015-12-08 23:10 - 00000000 ____D C:\Users\user\AppData\Roaming\ngxrzvvi
2016-08-07 19:19 - 2015-09-04 18:46 - 00000000 ____D C:\Users\user\AppData\Roaming\nkstybpw
2016-08-07 19:19 - 2015-03-18 08:14 - 00000000 ____D C:\Users\user\AppData\Roaming\fdlsmwyb
2016-08-07 19:19 - 2015-01-29 18:26 - 00000000 ____D C:\Users\user\AppData\Roaming\dtilzwxx
2016-08-07 19:19 - 2015-01-25 23:47 - 00000000 ____D C:\Users\user\AppData\Roaming\sctkfjqk
2016-08-07 19:19 - 2015-01-24 17:21 - 00000000 ____D C:\Users\user\AppData\Roaming\qqkbtsfc
2016-08-07 19:19 - 2007-02-15 07:49 - 00000000 ____D C:\Users\user\AppData\Roaming\phmxjpvs
2016-08-07 19:19 - 2007-02-15 00:20 - 00000000 ____D C:\Users\user\AppData\Roaming\psuoarzq
2016-08-07 19:19 - 2007-02-15 00:05 - 00000000 ____D C:\Users\user\AppData\Roaming\mwnekhqu
2016-07-24 15:56 - 2016-07-09 22:00 - 00000000 ____D C:\Users\user\AppData\Roaming\jszaqsdn
2016-07-24 15:56 - 2016-07-09 11:22 - 00000000 ____D C:\Users\user\AppData\Roaming\iysqhvos
2016-07-24 15:56 - 2016-06-28 18:53 - 00000000 ____D C:\Users\user\AppData\Roaming\tudychlo
2016-07-24 15:56 - 2016-06-25 13:18 - 00000000 ____D C:\Users\user\AppData\Roaming\mczxjfww
2016-07-24 15:56 - 2016-06-23 18:58 - 00000000 ____D C:\Users\user\AppData\Roaming\llgmebag
2016-07-24 15:56 - 2016-06-21 14:14 - 00000000 ____D C:\Users\user\AppData\Roaming\kwmkvswy
2016-07-24 15:56 - 2016-06-20 16:09 - 00000000 ____D C:\Users\user\AppData\Roaming\lyfntkze
2016-07-24 15:56 - 2016-06-20 03:26 - 00000000 ____D C:\Users\user\AppData\Roaming\khitfriy
2016-07-24 15:56 - 2016-06-14 23:50 - 00000000 ____D C:\Users\user\AppData\Roaming\hifmqnmr
2016-07-24 15:56 - 2016-06-13 22:10 - 00000000 ____D C:\Users\user\AppData\Roaming\weoxfgff
2016-07-24 15:56 - 2016-06-13 00:33 - 00000000 ____D C:\Users\user\AppData\Roaming\wizfnskg
2016-07-24 15:56 - 2016-06-11 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\wfzwertg
2016-07-24 15:56 - 2016-06-08 22:11 - 00000000 ____D C:\Users\user\AppData\Roaming\kyjriprf
2016-07-24 15:56 - 2016-06-08 19:02 - 00000000 ____D C:\Users\user\AppData\Roaming\wpfbosnz
2016-07-24 15:56 - 2016-06-07 22:22 - 00000000 ____D C:\Users\user\AppData\Roaming\vzsfmmuy
2016-07-24 15:56 - 2016-06-05 17:37 - 00000000 ____D C:\Users\user\AppData\Roaming\zeclmbcn
2016-07-24 15:56 - 2016-05-21 12:30 - 00000000 ____D C:\Users\user\AppData\Roaming\jqcscksz
2016-07-24 15:56 - 2016-05-20 18:12 - 00000000 ____D C:\Users\user\AppData\Roaming\jmcseecw
2016-07-24 15:56 - 2016-05-19 21:55 - 00000000 ____D C:\Users\user\AppData\Roaming\rfwxotjv
2016-07-24 15:56 - 2016-05-18 11:49 - 00000000 ____D C:\Users\user\AppData\Roaming\yeemeyrz
2016-07-24 15:56 - 2016-05-14 16:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ukiwnkwh
2016-07-24 15:56 - 2016-05-13 18:47 - 00000000 ____D C:\Users\user\AppData\Roaming\smxnbqwz
2016-07-24 15:56 - 2016-05-13 00:14 - 00000000 ____D C:\Users\user\AppData\Roaming\hyaknpgr
2016-07-24 15:56 - 2016-05-09 21:31 - 00000000 ____D C:\Users\user\AppData\Roaming\rqwlagzv
2016-07-24 15:56 - 2016-05-09 15:22 - 00000000 ____D C:\Users\user\AppData\Roaming\khcqwzex
2016-07-24 15:56 - 2016-05-08 12:57 - 00000000 ____D C:\Users\user\AppData\Roaming\wvcylmez
2016-07-24 15:56 - 2016-05-05 09:33 - 00000000 ____D C:\Users\user\AppData\Roaming\tpxxfkez
2016-07-24 15:56 - 2016-05-01 12:55 - 00000000 ____D C:\Users\user\AppData\Roaming\jpcbosga
2016-07-24 15:56 - 2016-04-30 12:11 - 00000000 ____D C:\Users\user\AppData\Roaming\jxmzyuhg
2016-07-24 15:56 - 2016-04-29 12:41 - 00000000 ____D C:\Users\user\AppData\Roaming\rvbtmcpd
2016-07-24 15:56 - 2016-04-29 07:35 - 00000000 ____D C:\Users\user\AppData\Roaming\uncyukvx
2016-07-24 15:56 - 2016-04-27 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\utqwaabt
2016-07-24 15:56 - 2016-04-26 13:20 - 00000000 ____D C:\Users\user\AppData\Roaming\khohcbcf
2016-07-24 15:56 - 2016-04-16 17:23 - 00000000 ____D C:\Users\user\AppData\Roaming\ydmzxymn
2016-07-24 15:56 - 2016-04-16 13:51 - 00000000 ____D C:\Users\user\AppData\Roaming\tmmgvyaw
2016-07-24 15:56 - 2016-03-05 23:28 - 00000000 ____D C:\Users\user\AppData\Roaming\zhxudnfs
2016-07-24 15:56 - 2016-02-28 10:14 - 00000000 ____D C:\Users\user\AppData\Roaming\hhvyilre
2016-07-24 15:56 - 2016-02-16 22:21 - 00000000 ____D C:\Users\user\AppData\Roaming\rylwivpy
2016-07-24 15:56 - 2016-02-03 21:29 - 00000000 ____D C:\Users\user\AppData\Roaming\lckxgbnl
2016-07-24 15:56 - 2016-01-19 07:14 - 00000000 ____D C:\Users\user\AppData\Roaming\zufgqdjd
2016-07-24 15:56 - 2016-01-18 15:20 - 00000000 ____D C:\Users\user\AppData\Roaming\wiqhcopk
2016-07-24 15:56 - 2016-01-17 23:51 - 00000000 ____D C:\Users\user\AppData\Roaming\yriyuyqe
2016-07-24 15:56 - 2016-01-09 17:48 - 00000000 ____D C:\Users\user\AppData\Roaming\xhdacobf
2016-07-24 15:56 - 2016-01-03 17:43 - 00000000 ____D C:\Users\user\AppData\Roaming\xmymnwcq
2016-07-24 15:56 - 2015-12-21 13:13 - 00000000 ____D C:\Users\user\AppData\Roaming\jvjryrdj
2016-07-24 15:56 - 2015-12-12 18:25 - 00000000 ____D C:\Users\user\AppData\Roaming\yjbjsldi
2016-07-24 15:56 - 2015-12-12 16:18 - 00000000 ____D C:\Users\user\AppData\Roaming\vhexrplv
2016-07-24 15:56 - 2015-12-09 22:49 - 00000000 ____D C:\Users\user\AppData\Roaming\wtokpfxb
2016-07-24 15:56 - 2015-12-08 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\kykzebmk
2016-07-24 15:56 - 2015-11-02 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\ywztptwt
2016-07-24 15:56 - 2015-06-01 21:29 - 00000000 ____D C:\Users\user\AppData\Roaming\rukatgqq
2016-07-24 15:56 - 2015-05-12 01:43 - 00000000 ____D C:\Users\user\AppData\Roaming\vilkvkey
2016-07-24 15:56 - 2015-03-13 13:44 - 00000000 ____D C:\Users\user\AppData\Roaming\ymxuurqw
2016-07-24 15:56 - 2015-02-12 05:35 - 00000000 ____D C:\Users\user\AppData\Roaming\uzaivaga
2016-07-24 15:56 - 2015-02-11 15:30 - 00000000 ____D C:\Users\user\AppData\Roaming\sfuajixl
2016-07-24 15:56 - 2007-02-15 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\gsetnxvb
2016-07-24 15:56 - 2007-02-15 00:21 - 00000000 ____D C:\Users\user\AppData\Roaming\gieqhyep
2016-07-24 15:56 - 2007-02-15 00:02 - 00000000 ____D C:\Users\user\AppData\Roaming\uhozzgjt
2016-07-24 15:11 - 2016-02-28 21:16 - 00000000 ____D C:\Users\user\AppData\Roaming\dbzduqyv
2016-07-24 01:58 - 2016-06-24 13:05 - 00000000 ____D C:\Users\user\AppData\Roaming\bxixwxep
2016-07-24 01:58 - 2016-05-06 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\cjgastms
2016-07-24 01:58 - 2016-04-24 23:09 - 00000000 ____D C:\Users\user\AppData\Roaming\buigcvgm
2016-07-24 01:53 - 2016-06-11 22:22 - 00000000 ____D C:\Users\user\AppData\Roaming\bsefpbza
2016-07-24 01:53 - 2015-05-05 05:33 - 00000000 ____D C:\Users\user\AppData\Roaming\bhiecivx
2016-07-24 01:48 - 2016-06-15 22:56 - 00000000 ____D C:\Users\user\AppData\Roaming\awcjfxtm
2016-07-24 01:48 - 2015-04-28 17:47 - 00000000 ____D C:\Users\user\AppData\Roaming\afwjzugr
2016-07-24 01:43 - 2016-02-26 20:03 - 00000000 ____D C:\ProgramData\80549ce9
2007-02-15 00:05 - 2007-02-15 00:05 - 6420480 _____ () C:\Program Files\GUT41AE.tmp
2015-02-12 10:20 - 2015-02-12 10:20 - 6103040 _____ () C:\Program Files\GUT7069.tmp
2007-02-15 00:08 - 2007-02-15 00:08 - 0000000 _____ () C:\Program Files\GUTD588.tmp
Task: {1A69E56C-C44D-4B29-9A13-8D1C0282506A} - System32\Tasks\UpdateTask => C:\Users\user\AppData\Local\{804AB~1\UNINST~1.EXE
C:\Users\user\AppData\Local\{804AB~1
Task: {2290A225-5460-4BD0-9B6B-BBCC737CCAF4} - \{CA13FAB3-5290-0682-FAF4-587B10AA7A33} -> No File <==== ATTENTION
Task: {2ABAF70E-261F-40D0-A37B-171C14AF678F} - \Superclean -> No File <==== ATTENTION
Task: {3B25E983-9659-4E18-931C-60CCC01B98ED} - \Foxtab -> No File <==== ATTENTION
Task: {4F59613F-0625-44F5-9617-34AE48DE87A7} - \{6154B54B-F7CE-82CD-9B38-E9FC1188F970} -> No File <==== ATTENTION
Task: {62443B58-82F0-4E28-BF23-B0CF11003B2F} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {CAFAEC6E-0724-4CF4-A6D8-090931C5D98B} - \userCentrifugallyKingwoodV2 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\user\AppData\Local\{804AB~1\UNINST~1.EXE 
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\winlogon.exe => moved successfully
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe copied successfully to C:\Windows\System32\winlogon.exe
C:\Windows\System32\user32.dll => moved successfully
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll copied successfully to C:\Windows\System32\user32.dll
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18D9B629-713A-47D4-A18A-8D9C82BAB74E}\\DhcpNameServer => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
EagleXNt => service removed successfully.
gkernel => Unable to stop service.
gkernel => service removed successfully.
InCDFs => service removed successfully.
InCDPass => service removed successfully.
InCDRm => service removed successfully.
VGPU => service removed successfully.
xhunter1 => service removed successfully.
xspirit => service removed successfully.
C:\Users\user\AppData\Roaming\dpkfjdig => moved successfully
C:\Users\user\AppData\Roaming\jiycgqxf => moved successfully
C:\Users\user\AppData\Roaming\hhodtwis => moved successfully
C:\Users\user\AppData\Roaming\{14AA2211-31F8-4F67-5ACE-68B5861C958B} => moved successfully
C:\Users\user\AppData\Roaming\msndgfdl => moved successfully
C:\Users\user\AppData\Roaming\obehoaiy => moved successfully
C:\Users\user\AppData\Roaming\odnnnvxe => moved successfully
C:\Users\user\AppData\Roaming\drnjcmry => moved successfully
C:\Users\user\AppData\Roaming\pndmagmv => moved successfully
C:\Users\user\AppData\Roaming\dppfzonn => moved successfully
C:\Users\user\AppData\Roaming\eglqkdrp => moved successfully
C:\Users\user\AppData\Roaming\qrtrmnhp => moved successfully
C:\Users\user\AppData\Roaming\mwcrnxvh => moved successfully
C:\Users\user\AppData\Roaming\pznjzsar => moved successfully
C:\Users\user\AppData\Roaming\pgiatadc => moved successfully
C:\Users\user\AppData\Roaming\paymitiw => moved successfully
C:\Users\user\AppData\Roaming\qqyudiyn => moved successfully
C:\Users\user\AppData\Roaming\ejwptvtf => moved successfully
C:\Users\user\AppData\Roaming\pqbgjbag => moved successfully
C:\Users\user\AppData\Roaming\exablnnj => moved successfully
C:\Users\user\AppData\Roaming\njsldbzk => moved successfully
C:\Users\user\AppData\Roaming\ogsoakrf => moved successfully
C:\Users\user\AppData\Roaming\ngxrzvvi => moved successfully
C:\Users\user\AppData\Roaming\nkstybpw => moved successfully
C:\Users\user\AppData\Roaming\fdlsmwyb => moved successfully
C:\Users\user\AppData\Roaming\dtilzwxx => moved successfully
C:\Users\user\AppData\Roaming\sctkfjqk => moved successfully
C:\Users\user\AppData\Roaming\qqkbtsfc => moved successfully
C:\Users\user\AppData\Roaming\phmxjpvs => moved successfully
C:\Users\user\AppData\Roaming\psuoarzq => moved successfully
C:\Users\user\AppData\Roaming\mwnekhqu => moved successfully
C:\Users\user\AppData\Roaming\jszaqsdn => moved successfully
C:\Users\user\AppData\Roaming\iysqhvos => moved successfully
C:\Users\user\AppData\Roaming\tudychlo => moved successfully
C:\Users\user\AppData\Roaming\mczxjfww => moved successfully
C:\Users\user\AppData\Roaming\llgmebag => moved successfully
C:\Users\user\AppData\Roaming\kwmkvswy => moved successfully
C:\Users\user\AppData\Roaming\lyfntkze => moved successfully
C:\Users\user\AppData\Roaming\khitfriy => moved successfully
C:\Users\user\AppData\Roaming\hifmqnmr => moved successfully
C:\Users\user\AppData\Roaming\weoxfgff => moved successfully
C:\Users\user\AppData\Roaming\wizfnskg => moved successfully
C:\Users\user\AppData\Roaming\wfzwertg => moved successfully
C:\Users\user\AppData\Roaming\kyjriprf => moved successfully
C:\Users\user\AppData\Roaming\wpfbosnz => moved successfully
C:\Users\user\AppData\Roaming\vzsfmmuy => moved successfully
C:\Users\user\AppData\Roaming\zeclmbcn => moved successfully
C:\Users\user\AppData\Roaming\jqcscksz => moved successfully
C:\Users\user\AppData\Roaming\jmcseecw => moved successfully
C:\Users\user\AppData\Roaming\rfwxotjv => moved successfully
C:\Users\user\AppData\Roaming\yeemeyrz => moved successfully
C:\Users\user\AppData\Roaming\ukiwnkwh => moved successfully
C:\Users\user\AppData\Roaming\smxnbqwz => moved successfully
C:\Users\user\AppData\Roaming\hyaknpgr => moved successfully
C:\Users\user\AppData\Roaming\rqwlagzv => moved successfully
C:\Users\user\AppData\Roaming\khcqwzex => moved successfully
C:\Users\user\AppData\Roaming\wvcylmez => moved successfully
C:\Users\user\AppData\Roaming\tpxxfkez => moved successfully
C:\Users\user\AppData\Roaming\jpcbosga => moved successfully
C:\Users\user\AppData\Roaming\jxmzyuhg => moved successfully
C:\Users\user\AppData\Roaming\rvbtmcpd => moved successfully
C:\Users\user\AppData\Roaming\uncyukvx => moved successfully
C:\Users\user\AppData\Roaming\utqwaabt => moved successfully
C:\Users\user\AppData\Roaming\khohcbcf => moved successfully
C:\Users\user\AppData\Roaming\ydmzxymn => moved successfully
C:\Users\user\AppData\Roaming\tmmgvyaw => moved successfully
C:\Users\user\AppData\Roaming\zhxudnfs => moved successfully
C:\Users\user\AppData\Roaming\hhvyilre => moved successfully
C:\Users\user\AppData\Roaming\rylwivpy => moved successfully
C:\Users\user\AppData\Roaming\lckxgbnl => moved successfully
C:\Users\user\AppData\Roaming\zufgqdjd => moved successfully
C:\Users\user\AppData\Roaming\wiqhcopk => moved successfully
C:\Users\user\AppData\Roaming\yriyuyqe => moved successfully
C:\Users\user\AppData\Roaming\xhdacobf => moved successfully
C:\Users\user\AppData\Roaming\xmymnwcq => moved successfully
C:\Users\user\AppData\Roaming\jvjryrdj => moved successfully
C:\Users\user\AppData\Roaming\yjbjsldi => moved successfully
C:\Users\user\AppData\Roaming\vhexrplv => moved successfully
C:\Users\user\AppData\Roaming\wtokpfxb => moved successfully
C:\Users\user\AppData\Roaming\kykzebmk => moved successfully
C:\Users\user\AppData\Roaming\ywztptwt => moved successfully
C:\Users\user\AppData\Roaming\rukatgqq => moved successfully
C:\Users\user\AppData\Roaming\vilkvkey => moved successfully
C:\Users\user\AppData\Roaming\ymxuurqw => moved successfully
C:\Users\user\AppData\Roaming\uzaivaga => moved successfully
C:\Users\user\AppData\Roaming\sfuajixl => moved successfully
C:\Users\user\AppData\Roaming\gsetnxvb => moved successfully
C:\Users\user\AppData\Roaming\gieqhyep => moved successfully
C:\Users\user\AppData\Roaming\uhozzgjt => moved successfully
C:\Users\user\AppData\Roaming\dbzduqyv => moved successfully
C:\Users\user\AppData\Roaming\bxixwxep => moved successfully
C:\Users\user\AppData\Roaming\cjgastms => moved successfully
C:\Users\user\AppData\Roaming\buigcvgm => moved successfully
C:\Users\user\AppData\Roaming\bsefpbza => moved successfully
C:\Users\user\AppData\Roaming\bhiecivx => moved successfully
C:\Users\user\AppData\Roaming\awcjfxtm => moved successfully
C:\Users\user\AppData\Roaming\afwjzugr => moved successfully
C:\ProgramData\80549ce9 => moved successfully
C:\Program Files\GUT41AE.tmp => moved successfully
C:\Program Files\GUT7069.tmp => moved successfully
C:\Program Files\GUTD588.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A69E56C-C44D-4B29-9A13-8D1C0282506A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A69E56C-C44D-4B29-9A13-8D1C0282506A}" => key removed successfully.
C:\Windows\System32\Tasks\UpdateTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask" => key removed successfully.
"C:\Users\user\AppData\Local\{804AB~1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2290A225-5460-4BD0-9B6B-BBCC737CCAF4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2290A225-5460-4BD0-9B6B-BBCC737CCAF4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA13FAB3-5290-0682-FAF4-587B10AA7A33}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ABAF70E-261F-40D0-A37B-171C14AF678F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABAF70E-261F-40D0-A37B-171C14AF678F}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B25E983-9659-4E18-931C-60CCC01B98ED}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B25E983-9659-4E18-931C-60CCC01B98ED}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Foxtab => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F59613F-0625-44F5-9617-34AE48DE87A7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F59613F-0625-44F5-9617-34AE48DE87A7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6154B54B-F7CE-82CD-9B38-E9FC1188F970}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62443B58-82F0-4E28-BF23-B0CF11003B2F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62443B58-82F0-4E28-BF23-B0CF11003B2F}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAFAEC6E-0724-4CF4-A6D8-090931C5D98B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAFAEC6E-0724-4CF4-A6D8-090931C5D98B}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\userCentrifugallyKingwoodV2 => key not found. 
C:\Windows\Tasks\UpdateTask.job => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

 

Zemana report, type : smart scan ( first scan ) ( red )

 

Zemana AntiMalware 2.21.2.321 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/8/10
Operating System       : Windows 7 32-bit
Processor              : 2X Intel(R) Pentium(R) 4 CPU 3.00GHz
BIOS Mode              : Legacy
CUID                   : 12120F98BC302835D4EFA4
Scan Type              : Smart Scan
Duration               : 5m 40s
Scanned Objects        : 11004
Detected Objects       : 11
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Fake Firefox Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\моzillа firеfох.lnk
MD5                : 43C336F8DA7A8D3B4D07D43AE5549DDA
Publisher          : -
Size               : 2069
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Firefox Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\моzillа firеfох.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\startmenu\gооglе сhrоmе.lnk
MD5                : 45E4C85F826AEF70BBCE40947214C0D3
Publisher          : -
Size               : 2166
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\startmenu\gооglе сhrоmе.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\gооglе сhrоmе.lnk
MD5                : 738499E683C247A0FAD7B403EC74416B
Publisher          : -
Size               : 2201
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\gооglе сhrоmе.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\chromium.lnk
MD5                : C41846398F186510A23CB27E4B25BC7D
Publisher          : -
Size               : 2414
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\chromium.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %userprofile%\desktop\chromium.lnk
MD5                : C3F60EB4A341E98EF0A7C1245667FF26
Publisher          : -
Size               : 2412
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %userprofile%\desktop\chromium.lnk

lhmiofmipcpmhgihiecmpiekcacigpgb
Status             : Scanned
Object             : %programdata%\anvisoft\anvi smart defender 2\extensions\chrome.crx
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - lhmiofmipcpmhgihiecmpiekcacigpgb

Tabs Hijack (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = https://id.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_06_fxtb103¶m1=1¶m2=f%3D2%26b%3DIE%26cc%3Did%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtDzz0D0Czz0FtD0AtAtAyEzy0EtN0D0Tzu0StCyDtDyEtN1L2XzutAtFtCyBtFzytFtCtN1L1Czu1M1Q1CtBtBtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDtD0E0DtBzztAyDtGyCyC0EtBtGyEyByDyCtGyBtB0ByBtGyEzz0F0AyD0FtD0D0Dzz0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAzzyDyBtCyB0BtG0F0AzyzztGyEyEyCyBtGzy0AtDtAtGyE0AyCyE0BtCyE0C0ByDyE0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEyBtB%26cr%3D1789383572%26a%3Dhdr_s_16_06_fxtb103%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate

winlogon.exe
Status             : Scanned
Object             : %systemroot%\system32\winlogon.exe
MD5                : 6D13E1406F50C66E2A95D97F22C47560
Publisher          : Microsoft Windows
Size               : 286720
Version            : 6.1.7601.17514
Detection          : Hollow Process
Cleaning Action    : Repair
Related Objects    :
                Process - 604 - C:\FRST\Quarantine\C\Windows\System32\winlogon.exe.xBAD
                File - %systemroot%\system32\winlogon.exe

RewRun3.exe
Status             : Scanned
Object             : %appdata%\hprewriter2\rewrun3.exe
MD5                : 25295D35CE69D44E4E2C48DA56F52103
Publisher          : -
Size               : 5260800
Version            : 3.8.153.34098
Detection          : Malware:Win32/Generic!Ckrk
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\hprewriter2\rewrun3.exe
                Reference - C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk

HPWriterSrv2.exe
Status             : Scanned
Object             : %appdata%\hprewriter2\hpwritersrv2.exe
MD5                : EDB6C9A27421BC5CC0C7E3DD8459338A
Publisher          : -
Size               : 4156416
Version            : 9.12.167.6089
Detection          : Malware:Win32/Edizz!Iarr
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\hprewriter2\hpwritersrv2.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\HPWriter Service\ImagePath = C:\Users\user\AppData\Roaming\HPRewriter2\HPWriterSrv2.exe

CouponPrinter.ocx
Status             : Scanned
Object             : %systemroot%\couponprinter.ocx
MD5                : 55CDB354A0EE4DE00A3F7453A5CFF324
Publisher          : Coupons, Inc.
Size               : 71072
Version            : 4.0.0.3
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\couponprinter.ocx
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\Windows\COUPON~1.OCX
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\InprocServer32\@ = C:\Windows\COUPON~1.OCX
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\@ = C:\Windows\COUPON~1.OCX


Cleaning Result
-------------------------------------------------------
Cleaned               : 11
Reported as safe      : 0
Failed                : 0

 

Zemana report, type : scheduled scan ( second scan or sudden scan ) ( blue )

Zemana AntiMalware 2.21.2.321 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/8/10
Operating System       : Windows 7 32-bit
Processor              : 2X Intel(R) Pentium(R) 4 CPU 3.00GHz
BIOS Mode              : Legacy
CUID                   : 12120F98BC302835D4EFA4
Scan Type              : Scheduled Scan
Duration               : 9m 39s
Scanned Objects        : 11761
Detected Objects       : 9
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Fake Firefox Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\моzillа firеfох.lnk
MD5                : 43C336F8DA7A8D3B4D07D43AE5549DDA
Publisher          : -
Size               : 2069
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Firefox Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\моzillа firеfох.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\startmenu\gооglе сhrоmе.lnk
MD5                : 45E4C85F826AEF70BBCE40947214C0D3
Publisher          : -
Size               : 2166
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\startmenu\gооglе сhrоmе.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\gооglе сhrоmе.lnk
MD5                : 738499E683C247A0FAD7B403EC74416B
Publisher          : -
Size               : 2201
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\gооglе сhrоmе.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\chromium.lnk
MD5                : C41846398F186510A23CB27E4B25BC7D
Publisher          : -
Size               : 2414
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\chromium.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %userprofile%\desktop\chromium.lnk
MD5                : C3F60EB4A341E98EF0A7C1245667FF26
Publisher          : -
Size               : 2412
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %userprofile%\desktop\chromium.lnk

lhmiofmipcpmhgihiecmpiekcacigpgb
Status             : Scanned
Object             : %programdata%\anvisoft\anvi smart defender 2\extensions\chrome.crx
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - lhmiofmipcpmhgihiecmpiekcacigpgb

Tabs Hijack (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = https://id.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_06_fxtb103¶m1=1¶m2=f%3D2%26b%3DIE%26cc%3Did%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtDzz0D0Czz0FtD0AtAtAyEzy0EtN0D0Tzu0StCyDtDyEtN1L2XzutAtFtCyBtFzytFtCtN1L1Czu1M1Q1CtBtBtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDtD0E0DtBzztAyDtGyCyC0EtBtGyEyByDyCtGyBtB0ByBtGyEzz0F0AyD0FtD0D0Dzz0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAzzyDyBtCyB0BtG0F0AzyzztGyEyEyCyBtGzy0AtDtAtGyE0AyCyE0BtCyE0C0ByDyE0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEyBtB%26cr%3D1789383572%26a%3Dhdr_s_16_06_fxtb103%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate

RewRun3.exe
Status             : Scanned
Object             : %appdata%\hprewriter2\rewrun3.exe
MD5                : 25295D35CE69D44E4E2C48DA56F52103
Publisher          : -
Size               : 5260800
Version            : 3.8.153.34098
Detection          : Malware:Win32/Generic!Ckrk
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\hprewriter2\rewrun3.exe
                Reference - C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk

CouponPrinter.ocx
Status             : Scanned
Object             : %systemroot%\couponprinter.ocx
MD5                : 55CDB354A0EE4DE00A3F7453A5CFF324
Publisher          : Coupons, Inc.
Size               : 71072
Version            : 4.0.0.3
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\couponprinter.ocx
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\Windows\COUPON~1.OCX
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\InprocServer32\@ = C:\Windows\COUPON~1.OCX
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\@ = C:\Windows\COUPON~1.OCX


Cleaning Result
-------------------------------------------------------
Cleaned               : 9
Reported as safe      : 0
Failed                : 0

 

 

Link to post
Share on other sites

yes Zemana has repaired browser entries again, possibly LKGC brought those entries back, I want two fresh logs from FRST to see if any other infected entries are also back..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt  under "Optional scan" Select scan, when done post the new logs....

 

Link to post
Share on other sites

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016 01
Ran by user (administrator) on USER-PC (10-08-2016 22:21:46)
Running from C:\Users\user\Desktop
Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
() C:\Users\user\Desktop\AdwCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [13922544 2016-08-09] (Zemana Ltd.)
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{18D9B629-713A-47D4-A18A-8D9C82BAB74E}: [DhcpNameServer] 61.247.0.133 61.247.0.130 202.73.99.4 202.73.99.2
Tcpip\..\Interfaces\{1AD66B58-C5F3-4679-9A69-C29A8E477959}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3DC0582F-6C7A-4268-976B-A873CA74E5B2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{53677DC8-B7FF-46A4-A35E-55F560BEEF83}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{53677DC8-B7FF-46A4-A35E-55F560BEEF83}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CEFB7252-4B6E-455B-960D-2E1B627E574A}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://plasa.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\u52asnkz.default-1469286427057
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-03] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Users\user\Downloads\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3897908082-2070258231-4265155790-1001: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-03-23] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Innorix File Transfer Solution) - C:\Program Files\INNORIX\npinnogmp.dll (INNORIX)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (Google Dokumen Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2007-02-15]
CHR Extension: (http://ask.fm/) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hodkangnoihaogpgakjfdkepoljfcfbc [2016-01-15]
CHR Extension: (https://plus.google.com/u/0/) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jginlfhgcfmfhaabnekdaemhegpebfip [2016-01-15]
CHR Extension: (Сияние) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidbpkjafbnohlnbflllphpkfmojpdac [2016-08-07]
CHR Extension: (Pembayaran Toko Web Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2007-02-15]
CHR Extension: (https://www.google.com/) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkolgldfknecfjnhhglfopimelbaceh [2016-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-18]

Opera: 
=======
OPR StartupUrls:  "hxxp://www.mystartsearch.com/?type=hp&ts=1428909754&from=wpc&uid=ST3160815SV_5RX63JTHXXXX5RX63JTH" 

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-02-17] (Macrovision Europe Ltd.) [File not signed]
S2 HPWriter Service; C:\Users\user\AppData\Roaming\HPRewriter2\HPWriterSrv2.exe [4156416 2016-08-06] () [File not signed]
S4 Innosvcd; C:\Windows\system32\innosvcd.exe [193144 2013-04-04] (INNORIX)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [287824 2012-09-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13922544 2016-08-09] (Zemana Ltd.)
S2 4622402a; "C:\Windows\system32\rundll32.exe" "c:\Program Files\CutterModule\CutterModule.dll",serv

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
R1 MpKsl1b332fcd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3140038C-BB1D-4D1C-A706-0570952A898D}\MpKsl1b332fcd.sys [39168 2016-08-10] (Microsoft Corporation)
S3 ndiscm; C:\Windows\System32\DRIVERS\NetMotCM.sys [15360 2004-09-30] (Motorola Inc.)
R3 RD9700; C:\Windows\System32\DRIVERS\RD9700.sys [16512 2012-01-04] (Corechip Semiconductor, Inc. Co Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-08-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-08-10] (Zemana Ltd.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
R3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 11:23 - 2020-03-31 11:26 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{9a36c4d3-7306-11ea-a391-00508dc8f0a3}.TMContainer00000000000000000002.regtrans-ms
2020-03-31 11:23 - 2020-03-31 11:26 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{9a36c4d3-7306-11ea-a391-00508dc8f0a3}.TMContainer00000000000000000001.regtrans-ms
2020-03-31 11:23 - 2020-03-31 11:26 - 00065536 ___SH C:\Users\UpdatusUser\NTUSER.DAT{9a36c4d3-7306-11ea-a391-00508dc8f0a3}.TM.blf
2016-08-10 21:48 - 2016-08-10 21:48 - 03712064 _____ C:\Users\user\Desktop\AdwCleaner.exe
2016-08-10 21:45 - 2016-08-10 22:22 - 00074042 _____ C:\Windows\ZAM.krnl.trace
2016-08-10 21:45 - 2016-08-10 22:22 - 00008821 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-08-10 21:45 - 2016-08-10 21:45 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2016-08-10 21:45 - 2016-08-10 21:45 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2016-08-10 21:45 - 2016-08-10 21:45 - 00001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-08-10 21:45 - 2016-08-10 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-08-10 21:40 - 2016-08-10 21:41 - 05697904 _____ ( ) C:\Users\user\Desktop\Zemana.AntiMalware.Setup.exe
2016-08-10 15:15 - 2016-08-10 21:49 - 00000000 ____D C:\AdwCleaner
2016-08-10 14:56 - 2016-08-10 21:45 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2016-08-10 14:55 - 2016-08-10 14:55 - 00000000 ____D C:\Users\user\AppData\Local\Zemana
2016-08-10 14:50 - 2016-08-10 14:51 - 00022809 _____ C:\Users\user\Desktop\Fixlog(reply 9).txt
2016-08-10 14:49 - 2016-08-10 14:49 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2016-08-10 14:48 - 2016-08-10 14:48 - 00011432 _____ C:\Users\user\Desktop\Fixlist.txt
2016-08-09 18:22 - 2016-08-09 18:25 - 00001683 _____ C:\Users\user\Desktop\Search.txt
2016-08-09 16:28 - 2016-08-09 16:30 - 00045171 _____ C:\Users\user\Desktop\Addition.txt
2016-08-09 16:27 - 2016-08-10 22:22 - 00016350 _____ C:\Users\user\Desktop\FRST.txt
2016-08-09 16:26 - 2016-08-10 22:21 - 00000000 ____D C:\FRST
2016-08-09 16:25 - 2016-08-10 14:49 - 01743872 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2016-08-09 15:22 - 2016-08-10 21:30 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-09 15:06 - 2016-08-09 15:06 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-09 15:06 - 2016-08-09 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-09 15:05 - 2016-08-09 15:06 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-09 15:05 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-09 15:05 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-09 15:05 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-09 14:59 - 2016-08-09 15:00 - 00005008 _____ C:\Users\user\Desktop\Rkill.txt
2016-08-09 14:46 - 2016-08-09 14:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill.com
2016-08-09 14:32 - 2016-04-11 03:55 - 13347841 _____ C:\Users\user\Desktop\XIGNCODE.rar
2016-08-09 14:32 - 2015-11-26 05:57 - 05331464 _____ C:\Users\user\Desktop\[Pricelist] Kios Pasar Modern @Intermoda BSD City.pdf
2016-08-09 14:32 - 2015-01-26 00:54 - 00000364 _____ C:\Users\user\Desktop\pos.dat
2016-08-09 14:32 - 2014-12-27 01:17 - 01307106 _____ C:\Users\user\Desktop\Survey Remover V3.02 Updated.zip
2016-08-09 14:32 - 2014-05-26 14:54 - 01070624 _____ (Unity Technologies ApS) C:\Users\user\Desktop\UnityWebPlayer.exe
2016-08-09 14:31 - 2015-11-04 20:44 - 1272583000 _____ C:\Users\user\Desktop\PointBlank_GarenaPlus_Install_1026.exe
2016-08-09 14:30 - 2016-08-07 18:55 - 22851472 _____ (Malwarebytes ) C:\Users\user\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-09 14:30 - 2016-03-05 20:03 - 77267144 _____ C:\Users\user\Desktop\Garena+_Install_id (1).exe
2016-08-09 14:30 - 2015-11-04 20:37 - 77494272 _____ C:\Users\user\Desktop\Garena+_Install_id.exe
2016-08-09 14:30 - 2015-11-04 19:40 - 02739648 _____ C:\Users\user\Desktop\pbidInstaller.exe
2016-08-09 14:30 - 2014-08-18 21:30 - 00895120 _____ (Google Inc.) C:\Users\user\Desktop\googledrivesync.exe
2016-08-09 14:30 - 2014-07-19 21:22 - 00895120 _____ (Google Inc.) C:\Users\user\Desktop\GoogleVoiceAndVideoSetup.exe
2016-08-09 14:30 - 2014-05-27 10:48 - 07760696 _____ (INNORIX) C:\Users\user\Desktop\InnoGMP_Win.exe
2016-08-09 14:30 - 2014-03-26 21:37 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup (3).exe
2016-08-09 14:30 - 2014-03-26 21:37 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup (2).exe
2016-08-09 14:30 - 2014-03-26 21:35 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup (1).exe
2016-08-09 14:30 - 2014-03-26 21:34 - 00847824 _____ (Google Inc.) C:\Users\user\Desktop\GoogleEarthSetup.exe
2016-08-09 14:29 - 2016-08-09 14:32 - 00000000 ____D C:\Users\user\Desktop\Garena Plus
2016-08-09 14:29 - 2016-08-07 20:49 - 39269240 _____ (Anvisoft) C:\Users\user\Desktop\asdsetup.exe
2016-08-09 14:29 - 2016-01-15 14:44 - 00927824 _____ (Google Inc.) C:\Users\user\Desktop\ChromeSetup(1).exe
2016-08-09 14:29 - 2014-12-23 18:46 - 00880784 _____ (Google Inc.) C:\Users\user\Desktop\ChromeSetup.exe
2016-08-07 21:36 - 2016-08-07 21:36 - 00000047 _____ C:\Users\user\Desktop\blahblah.txt
2016-08-07 20:54 - 2016-08-08 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-08-07 20:54 - 2016-08-07 20:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-07 20:51 - 2016-08-07 20:51 - 00000000 ____D C:\ProgramData\Anvisoft
2016-08-07 20:51 - 2016-08-07 20:51 - 00000000 ____D C:\Program Files\Anvisoft
2016-08-07 20:48 - 2016-08-07 20:49 - 39269240 _____ (Anvisoft) C:\Users\user\Downloads\asdsetup.exe
2016-08-07 18:54 - 2016-08-07 18:55 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-07 17:31 - 2016-08-07 17:31 - 00003584 _____ C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-06 20:06 - 2016-08-06 20:06 - 00000000 ____D C:\Users\user\AppData\Local\GMap.NET
2016-08-06 19:00 - 2016-08-10 21:57 - 00000000 ____D C:\Users\user\AppData\Roaming\HPRewriter2
2016-08-06 19:00 - 2016-08-06 19:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Seviler2DGame
2016-08-06 19:00 - 2016-08-06 19:00 - 00002056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-06 19:00 - 2016-08-06 19:00 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-06 19:00 - 2016-08-06 19:00 - 00002026 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-08-06 19:00 - 2016-08-06 19:00 - 00002024 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-07-24 17:25 - 2016-07-24 17:26 - 00045125 _____ C:\ProgramData\1469355928.2132.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 00042049 _____ C:\ProgramData\1469355928.3948.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 00004431 _____ C:\ProgramData\1469355928.172.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 00002928 _____ C:\ProgramData\1469355928.3196.bin
2016-07-24 17:25 - 2016-07-24 17:25 - 00037915 _____ C:\ProgramData\1469355918.bdinstall.bin
2016-07-24 01:13 - 2016-07-24 01:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-24 00:45 - 2016-07-24 00:45 - 00225330 _____ C:\ProgramData\1469295588.bdinstall.bin
2016-07-24 00:44 - 2009-07-14 22:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-07-24 00:30 - 2016-07-24 00:32 - 00000494 _____ C:\ProgramData\1469294993.2720.bin
2016-07-24 00:30 - 2016-07-24 00:30 - 00002049 _____ C:\ProgramData\1469294993.1704.bin
2016-07-24 00:29 - 2016-07-24 00:32 - 00040831 _____ C:\ProgramData\1469294993.2684.bin
2016-07-24 00:21 - 2016-07-24 00:21 - 00045499 _____ C:\ProgramData\1469294336.bdinstall.bin
2016-07-24 00:18 - 2016-07-24 00:40 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 11:19 - 2007-02-17 04:42 - 00262144 ___SH C:\Users\user\ntuser.dat.LOG2
2016-08-11 12:27 - 2015-01-23 21:01 - 00000000 ____D C:\Program Files\Foxtab
2016-08-11 12:27 - 2014-03-25 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-08-11 12:27 - 2010-11-21 07:46 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-08-11 12:27 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\registration
2016-08-10 22:22 - 2007-02-17 04:45 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000UA.job
2016-08-10 22:21 - 2016-01-25 22:32 - 00000266 _____ C:\Windows\Tasks\UpdateTask.job
2016-08-10 22:20 - 2014-03-26 21:38 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-10 21:57 - 2015-12-26 08:21 - 00001134 _____ C:\Users\user\Desktop\Chromium.lnk
2016-08-10 21:31 - 2007-02-17 05:02 - 00000000 ____D C:\Users\UpdatusUser
2016-08-10 21:29 - 2014-03-26 21:38 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-10 21:29 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-10 14:24 - 2014-07-06 13:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-09 17:22 - 2007-02-17 04:45 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000Core.job
2016-08-09 15:59 - 2009-07-14 11:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-09 15:59 - 2009-07-14 11:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-09 14:33 - 2016-03-05 20:05 - 00000000 ____D C:\Users\user\Downloads\Garena Plus
2016-08-08 22:46 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2016-08-08 22:40 - 2007-02-17 04:44 - 00000000 ____D C:\Program Files\WinRAR
2016-08-08 20:49 - 2010-11-21 04:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-07 19:34 - 2007-02-17 04:56 - 00000000 ____D C:\Windows\PCHEALTH
2016-08-07 17:45 - 2007-02-15 00:09 - 00000000 ____D C:\Users\user\Documents\~Tristan
2016-08-07 17:14 - 2007-02-17 05:02 - 00000000 __SHD C:\[Smad-Cage]
2016-08-07 16:23 - 2007-02-17 05:02 - 00000000 ____D C:\Program Files\SMADAV
2016-08-05 16:20 - 2014-12-23 16:49 - 00000000 ____D C:\Program Files\Opera
2016-07-28 02:25 - 2014-03-25 11:17 - 00406184 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-24 17:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2016-07-24 16:19 - 2009-07-14 11:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-24 16:19 - 2009-07-14 11:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-24 16:19 - 2009-07-14 11:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-24 16:19 - 2009-07-14 11:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-24 16:19 - 2007-02-17 05:40 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:37 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:35 - 00001349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2016-07-24 16:19 - 2007-02-17 05:34 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:30 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2016-07-24 16:19 - 2007-02-17 05:06 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-24 16:19 - 2007-02-17 04:48 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-07-24 16:19 - 2007-02-17 04:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-24 16:19 - 2007-02-17 04:35 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-24 16:17 - 2016-03-05 20:20 - 00000987 _____ C:\Users\Public\Desktop\PointBlank Garena.lnk
2016-07-24 16:17 - 2016-03-05 20:06 - 00000909 _____ C:\Users\Public\Desktop\Garena+.lnk
2016-07-24 16:17 - 2014-03-26 21:41 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-07-24 16:17 - 2014-03-25 11:38 - 00001053 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-07-24 16:17 - 2014-03-25 11:37 - 00002230 _____ C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
2016-07-24 16:17 - 2014-03-25 11:37 - 00001188 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1050 J410 series.lnk
2016-07-24 16:17 - 2014-03-25 11:37 - 00001183 _____ C:\Users\Public\Desktop\HP Deskjet 1050 J410 series Scan.lnk
2016-07-24 16:17 - 2007-02-17 05:22 - 00002652 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2016-07-24 16:17 - 2007-02-17 05:05 - 00001229 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2016-07-24 16:17 - 2007-02-17 05:04 - 00001793 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-07-24 16:17 - 2007-02-17 04:51 - 00002061 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
2016-07-24 16:17 - 2007-02-17 04:48 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-07-24 16:17 - 2007-02-17 04:47 - 00001065 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-07-24 16:16 - 2009-07-14 11:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-24 16:16 - 2009-07-14 11:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-24 16:15 - 2016-06-16 18:50 - 00001095 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk
2016-07-24 16:15 - 2016-06-16 18:50 - 00001093 _____ C:\Users\user\Desktop\LINE.lnk
2016-07-24 16:15 - 2007-02-17 05:41 - 00001083 _____ C:\Users\user\Desktop\Adobe Photoshop CS3.lnk
2016-07-24 16:15 - 2007-02-17 05:13 - 00002105 _____ C:\Users\user\Desktop\Microsoft Security Essentials.lnk
2016-07-24 16:15 - 2007-02-17 04:47 - 00001095 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-24 16:14 - 2014-06-19 15:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-24 16:11 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\Offline Web Pages
2016-07-24 15:57 - 2014-06-06 10:32 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-24 00:22 - 2007-02-17 05:06 - 00002127 _____ C:\Windows\epplauncher.mif
2016-07-22 20:19 - 2015-01-23 22:01 - 00000327 _____ C:\Users\user\AppData\Roaming\WB.CFG

==================== Files in the root of some directories =======

2015-05-22 00:31 - 2007-02-15 00:11 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-04-28 15:38 - 2015-05-22 00:26 - 0000020 _____ () C:\Users\user\AppData\Roaming\appdataFr3.bin
2014-12-23 21:41 - 2014-12-23 21:41 - 0138056 _____ () C:\Users\user\AppData\Roaming\PnkBstrK.sys
2015-01-23 22:01 - 2016-07-22 20:19 - 0000327 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2016-08-07 17:31 - 2016-08-07 17:31 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-23 18:28 - 2014-08-23 18:28 - 0000000 _____ () C:\Users\user\AppData\Local\{021E2386-759F-43C7-93D9-3D5BF70A0319}
2014-02-19 15:02 - 2014-02-19 15:02 - 0000000 _____ () C:\Users\user\AppData\Local\{5C8F489D-835A-451E-AAFA-E6B0E4953A05}
2014-05-29 13:35 - 2014-05-29 13:36 - 0000000 _____ () C:\Users\user\AppData\Local\{A76B11C5-E75C-4DE6-AA0C-DD6FC1E47834}
2016-07-24 00:21 - 2016-07-24 00:21 - 0045499 _____ () C:\ProgramData\1469294336.bdinstall.bin
2016-07-24 00:30 - 2016-07-24 00:30 - 0002049 _____ () C:\ProgramData\1469294993.1704.bin
2016-07-24 00:29 - 2016-07-24 00:32 - 0040831 _____ () C:\ProgramData\1469294993.2684.bin
2016-07-24 00:30 - 2016-07-24 00:32 - 0000494 _____ () C:\ProgramData\1469294993.2720.bin
2016-07-24 00:45 - 2016-07-24 00:45 - 0225330 _____ () C:\ProgramData\1469295588.bdinstall.bin
2016-07-24 17:25 - 2016-07-24 17:25 - 0037915 _____ () C:\ProgramData\1469355918.bdinstall.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0004431 _____ () C:\ProgramData\1469355928.172.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0045125 _____ () C:\ProgramData\1469355928.2132.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0002928 _____ () C:\ProgramData\1469355928.3196.bin
2016-07-24 17:25 - 2016-07-24 17:26 - 0042049 _____ () C:\ProgramData\1469355928.3948.bin

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\user\AppData\Local\Temp\d45bf640ca3c263b5d4928241c7a8e35.dll
C:\Users\user\AppData\Local\Temp\eauninstall.exe
C:\Users\user\AppData\Local\Temp\ggspawn1556635582.dll
C:\Users\user\AppData\Local\Temp\ggspawn770000468.dll
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\openvpn.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1003_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1004_11.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1005.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1006.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1007.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1008_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1009.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1010.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1011.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1012.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1013_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1014.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1015_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1016_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1017.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1018.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1019.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1020.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1021.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1022.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1023.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1024.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1025_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1026.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1027.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1028.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1029.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1030.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1031.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1032.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1033.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1034.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1035.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1036.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1037.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1038_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1039.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1040.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1041.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1042.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1043.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1044.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1045.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1046.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1047.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1048.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1049_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1050.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1051.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1052_1.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1053.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1054.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1055.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1056.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1057.exe
C:\Users\user\AppData\Local\Temp\PointBlank_GarenaPlus_Patch_1058.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\tapinstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe
[2010-11-21 04:29] - [2010-11-20 03:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:29] - [2010-11-20 03:21] - 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-06 08:13

==================== End of FRST.txt ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016 01
Ran by user (2016-08-10 22:23:07)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2007-02-16 21:40:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3897908082-2070258231-4265155790-500 - Administrator - Disabled)
Guest (S-1-5-21-3897908082-2070258231-4265155790-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3897908082-2070258231-4265155790-1001 - Limited - Enabled) => C:\Users\UpdatusUser
user (S-1-5-21-3897908082-2070258231-4265155790-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Chromium (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Chromium) (Version: 46.0.2470.0 - Chromium)
Counter-Strike 1.6 (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Counter-Strike 1.6) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Foxtab (HKLM\...\Foxtab) (Version:  - Foxtab) <==== ATTENTION
Garena - PointBlank ID (HKLM\...\PBID) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.28.5039 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPRewriter2 (HKLM\...\HPRewriter2) (Version:  - )
K-Lite Codec Pack 7.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LINE (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\LINE) (Version: 4.8.0.1097 - LINE Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nero 7 Premium (HKLM\...\{4781569D-5404-1F26-4B2B-6DF444441031}) (Version: 7.00.0087 - Nero AG)
NVIDIA Graphics Driver 307.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.74 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 39.0.2256.48 (HKLM\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6828 - Realtek Semiconductor Corp.)
Search Provided by Yahoo (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\YahooProvidedSearch) (Version:  - ) <==== ATTENTION
SMADAV version 9.6.1 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 9.6.1 - SmadSoft)
UltraISO Premium V9.35 (HKLM\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Winamp (HKLM\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - ASIX (AX88772) Net  (06/10/2009 3.12.3.2) (HKLM\...\3720AB563DCFC005C5FB669FF957E87941CF80E6) (Version: 06/10/2009 3.12.3.2 - ASIX)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.321 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde}\InprocServer32 -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\user\AppData\Local\Chromium\Application\46.0.2470.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\googletalkax.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\user\AppData\Local\Chromium\Application\46.0.2470.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\o1dax.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-3897908082-2070258231-4265155790-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E26943A-E58D-4D36-9ED9-191631BCCFF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {16D4A03B-6672-436D-922E-D1BDE06336B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {189F871F-7689-4B16-BC34-7EA1AC36071C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2007-02-15] (Google Inc.)
Task: {1A69E56C-C44D-4B29-9A13-8D1C0282506A} - System32\Tasks\UpdateTask => C:\Users\user\AppData\Local\{804AB~1\UNINST~1.EXE
Task: {1C1E0E67-A92A-4705-B5BE-3F8DF7077DEE} - System32\Tasks\{730A0B80-DE7E-4936-9138-9D4E43D39543} => pcalua.exe -a "C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {1CD82678-09D3-4DE7-987D-516F812E5DBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-03] (Adobe Systems Incorporated)
Task: {2290A225-5460-4BD0-9B6B-BBCC737CCAF4} - \{CA13FAB3-5290-0682-FAF4-587B10AA7A33} -> No File <==== ATTENTION
Task: {27F89AFD-62F3-4A46-A5A5-66D8D7E1574F} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2014-01-21] (Smadsoft)
Task: {2ABAF70E-261F-40D0-A37B-171C14AF678F} - \Superclean -> No File <==== ATTENTION
Task: {2BE54B3B-AF35-416E-AD4F-56A90742DA76} - System32\Tasks\Garena+ Plugin Host Service => C:\Users\user\Downloads\Garena Plus\ggdllhost.exe [2016-02-22] ()
Task: {32471D25-BE59-490D-8A8C-2461921F46C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2007-02-15] (Google Inc.)
Task: {37CE6EA3-8CFD-4B23-A5E5-747AD27D33BD} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {3B25E983-9659-4E18-931C-60CCC01B98ED} - \Foxtab -> No File <==== ATTENTION
Task: {4784428D-4A1E-4F89-AB5A-CB63F613A353} - System32\Tasks\{889C5A91-D264-4550-95DA-196724F7C8A4} => pcalua.exe -a "C:\Program Files\SaverExtEnsiion\Vr4g4Bn5Im26F4.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {4E3DC8E8-8ADB-458D-B424-2341DB69A79B} - System32\Tasks\Opera scheduled Autoupdate 1419328534 => C:\Program Files\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {4F59613F-0625-44F5-9617-34AE48DE87A7} - \{6154B54B-F7CE-82CD-9B38-E9FC1188F970} -> No File <==== ATTENTION
Task: {62443B58-82F0-4E28-BF23-B0CF11003B2F} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {933777CA-154F-46E3-88AE-8D8110E51AB8} - System32\Tasks\{7095882C-55D6-48B6-830A-B40748EB391E} => pcalua.exe -a "C:\Program Files\SalePlus\MHYQf5xAfdtoPP.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {B43DC576-11B7-433E-B995-4612E9879C47} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {B652DE0D-87F6-4397-B81C-63796FA72B37} - System32\Tasks\{37495DE7-5931-4CAE-A82A-E4C275C0BED8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/id/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {CAFAEC6E-0724-4CF4-A6D8-090931C5D98B} - \userCentrifugallyKingwoodV2 -> No File <==== ATTENTION
Task: {DB6E221A-5F52-4883-8697-B89D8ADDF082} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3897908082-2070258231-4265155790-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\user\AppData\Local\{804AB~1\UNINST~1.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{6C95E218-B32A-4955-88CA-65FCA3BE5F25}\SupportTasks\1\Support.lnk -> hxxp://support.ea.com/
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{6C95E218-B32A-4955-88CA-65FCA3BE5F25}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ea.com/nfs/carbon/us/home.jsp/

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2007-02-17 05:02 - 2013-01-03 15:38 - 00079800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-08-10 21:48 - 2016-08-10 21:48 - 03712064 _____ () C:\Users\user\Desktop\AdwCleaner.exe
2016-08-09 14:56 - 2016-08-03 07:24 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 14:56 - 2016-08-03 07:23 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3897908082-2070258231-4265155790-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Innosvcd => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SoftonicAssistant => "C:\Users\user\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF55DF36-3B3A-4195-8EC7-93CBC3064418}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7FB1DA94-24AC-49C8-9BB4-25F1440F5EB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C4E7657D-D846-431A-B375-DF72F21C43D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{B75F92AB-5253-4440-9654-94F45745A5FD}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{32B99E46-7CA4-4D35-B7EC-73B5E40E177A}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{B5EBD52A-8A6C-495C-8914-45C0D8B7BB49}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{84844E85-F746-4836-9F8B-2DD4DC6BBFF7}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{CDE097F3-B5C0-47CF-8440-9B34E38C38FC}] => (Allow) C:\Gemscool\PointBlank\PointBlank.exe
FirewallRules: [{63FE68A2-2AEF-4A9D-B30D-D8E5F745C104}] => (Allow) C:\Gemscool\PointBlank\PointBlank.exe
FirewallRules: [{219D2E55-3CA6-4E0A-AAFD-9EB3D5D8438C}] => (Allow) C:\Windows\System32\innogmp.exe
FirewallRules: [{057FE20A-96B0-4751-B20B-11B4921E3A22}] => (Allow) C:\Windows\System32\innogmp.exe
FirewallRules: [{58BC5D0F-05D4-4393-8AC2-4F3D8B5B6AE8}] => (Allow) C:\Windows\System32\innosvcd.exe
FirewallRules: [{AFE59780-6795-4CA7-93E1-D36C420077A1}] => (Allow) C:\Windows\System32\innosvcd.exe
FirewallRules: [TCP Query User{BA77D0C4-8BA4-42D5-888D-071A3EFA81A1}C:\program files\microsoft games\rise of nations\nations.exe] => (Block) C:\program files\microsoft games\rise of nations\nations.exe
FirewallRules: [UDP Query User{ADF314B4-57CB-4C37-A8B2-C4FBCF5D8195}C:\program files\microsoft games\rise of nations\nations.exe] => (Block) C:\program files\microsoft games\rise of nations\nations.exe
FirewallRules: [{5BAC8B25-CAEA-44CA-AC62-BCCB1A4454EE}] => (Allow) C:\Users\user\LINE\Line.exe
FirewallRules: [{8E037D6B-A56A-49DC-AC85-49C97F23D196}] => (Allow) C:\Users\user\LINE\Line.exe
FirewallRules: [TCP Query User{ACF23A73-DF3A-4A9C-88B4-1F2434E975EE}E:\easysetupassistant\wr842n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr842n\easysetupassistant.exe
FirewallRules: [UDP Query User{6DC0004E-BF93-439A-9AC5-358BE88AAF78}E:\easysetupassistant\wr842n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr842n\easysetupassistant.exe
FirewallRules: [TCP Query User{3BDA6D35-A246-40EF-9DBD-3A68E0DE01B8}E:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [UDP Query User{5CB6CF52-D25A-492C-B1DE-4228A01866FE}E:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [{49B543D8-97BE-4320-841D-3B84E06D9A7B}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{43209761-FBEB-45A9-94E8-1C177053DE33}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{189DCB94-AA42-4442-BB16-8219FA1D0CC6}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{CB910983-84C6-4797-B31C-184E11836320}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{33FB15B6-FE57-4E5C-88B7-40AC1C133776}C:\users\user\line\line.exe] => (Allow) C:\users\user\line\line.exe
FirewallRules: [UDP Query User{6F6AA9AA-4E2B-49DE-9C0B-95422BB078C8}C:\users\user\line\line.exe] => (Allow) C:\users\user\line\line.exe
FirewallRules: [{AB130FB7-6DF0-4F95-8354-EA486AECD18F}] => (Allow) C:\Users\user\Downloads\pbidInstaller.exe
FirewallRules: [{3C77BF32-775D-4F97-AC00-88C4589F710B}] => (Allow) C:\Users\user\Downloads\pbidInstaller.exe
FirewallRules: [{2BAB82FB-D3EC-4C36-A74B-AEB2443AE04E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{01735BC0-0E8A-490A-B7DA-907629A919AC}] => (Allow) C:\Program Files\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{8B76514A-9257-4DEA-B24A-15B398F44CDE}C:\program files\garena plus\garenamessenger.exe] => (Block) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{384E1056-A49F-4794-B992-C994FC63F05E}C:\program files\garena plus\garenamessenger.exe] => (Block) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [{14963CF9-3B1A-4CBC-BD62-FC79185AEB6B}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{BB9D7551-A836-477C-8240-9BAB8D28C62B}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [TCP Query User{D1076D46-7E84-44B9-A77D-39211AF00693}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{3A4AA64A-E86C-418B-BE31-DCD17C182CEF}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{ABAE53C1-E284-426E-9D54-95BA45E962BA}C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{9560033A-3E3F-40CE-882F-2AB0D60A7578}C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{A3FC8368-32A4-4704-BCC6-E738D707DCC1}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{1BC205D3-E569-40FB-B391-5D435DBE7423}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [{3716CDE8-4C40-4103-AEFC-83908367A28B}] => (Allow) C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{0352C2C4-F36F-4961-B2E4-FFFE3C05E413}C:\program files\novalogic\delta force xtreme\dfx.exe] => (Block) C:\program files\novalogic\delta force xtreme\dfx.exe
FirewallRules: [UDP Query User{AC0ACF9C-D4AA-4E4A-B848-7E96534DF905}C:\program files\novalogic\delta force xtreme\dfx.exe] => (Block) C:\program files\novalogic\delta force xtreme\dfx.exe
FirewallRules: [{85C224FA-F8A8-4775-81F3-5A083E26182B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D0223D83-91F4-40EC-84FE-2637BE3AB8C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{32785A94-E0CB-4062-B53B-B08A5708E786}] => (Allow) C:\GarenaDownload\Games\pbid\pbidInstaller.exe
FirewallRules: [{759A500F-3DF2-466D-8BFA-AFDADE9E6819}] => (Allow) C:\GarenaDownload\Games\pbid\pbidInstaller.exe
FirewallRules: [TCP Query User{7D2F11DA-C6AA-43B2-A96E-A70225FD0986}C:\users\user\downloads\garena plus\garenamessenger.exe] => (Allow) C:\users\user\downloads\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{8DC531C2-84B6-42C9-A51A-96AE56201C02}C:\users\user\downloads\garena plus\garenamessenger.exe] => (Allow) C:\users\user\downloads\garena plus\garenamessenger.exe
FirewallRules: [{936B575F-183B-4B0C-B39A-5D218BB00D6E}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{E2F4FCAC-10F2-4254-860B-A08502ED41F8}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{76FCD2F5-A9EA-4A22-BD9D-07FBEA1D3A66}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{947B6388-796E-4183-A363-17B08C488DF9}] => (Allow) C:\Users\user\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{8EBB87C4-EDBD-46BE-BA30-BFD0F7751003}] => (Allow) %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{85531843-DBB2-45B0-82D4-7FF335F85BA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-08-2016 20:52:59 Device Driver Package Install: Anvisoft Network Service
09-08-2016 14:34:44 Windows Update
09-08-2016 15:41:34 Microsoft Antimalware Checkpoint
10-08-2016 14:50:16 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2016 09:30:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2016 07:28:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2016 04:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x620
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:09:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x4a8
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x260
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x58c
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:08:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x554
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:08:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x4e0
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:08:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x49c
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/10/2016 04:08:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Faulting module name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce794fe
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x3bc
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3


System errors:
=============
Error: (08/10/2016 09:30:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/10/2016 09:29:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
InCDPass
InCDRm

Error: (08/10/2016 09:29:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPWriter Service service failed to start due to the following error: 
%%5 = Access is denied.

Error: (08/10/2016 09:29:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CutterModule service to connect.

Error: (08/11/2016 11:23:52 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LsaLookupOpenPolicy call failed with the following error: 
%%-1073741822

Error: (08/10/2016 07:29:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.

Error: (08/10/2016 07:27:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CutterModule service to connect.

Error: (08/10/2016 07:27:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:09:27 on ‎10/‎08/‎2016 was unexpected.

Error: (08/10/2016 04:03:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
CSC
DfsC
discache
MpFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (08/10/2016 04:03:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2016-08-10 22:19:13.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 21:56:55.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 21:42:57.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 21:35:49.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 21:29:04.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 14:49:38.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 14:29:31.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 14:12:32.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 20:46:19.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 19:11:47.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 75%
Total physical RAM: 1023.3 MB
Available physical RAM: 254.61 MB
Total Virtual: 6023.3 MB
Available Virtual: 4587.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.26 GB) (Free:25.09 GB) NTFS
Drive d: (DATA) (Fixed) (Total:80.69 GB) (Free:80.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 2D6D77B5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=80.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Yes most of the bad entries are back again, run FRST fix again as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Fixlist.txt

Edited by kevinf80
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.