TechSpot

Name not available plays once a day

By Lono12
Jan 16, 2016
Post New Reply
  1. This is my first time post something ever, but I've got name not available in my sound mixer and it just appear once a day for a minute and then dissappear I've tried to run malware bytes and avast but they don't find anything. I've been wondering if factory reset would solve this issue but thought it might be best to ask for help before I do that.

    Edit: Name not available usually plays a laggy usb disconnect sound
     
  2. Lono12

    Lono12 Topic Starter

    Went ahead and downloaded farbar, thought that I should do that when I saw the other topic with similar issue

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
    Ran by Khoa Do (administrator) on KHOA (16-01-2016 13:52:37)
    Running from C:\Users\Khoa Do\Desktop
    Loaded Profiles: Khoa Do (Available Profiles: Khoa Do & Administratör)
    Platform: Windows 8.1 (X64) Language: Svenska (Sverige)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-12] (AVAST Software)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\MountPoints2: {49b10d29-1a63-11e5-827f-fcaa1424c0cf} - "F:\Setup.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-12] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A1056DF5-B9EF-42DF-9463-0044D4A9E702}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-12] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-12] (AVAST Software)

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-15]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-15]

    Chrome:
    =======
    CHR Profile: C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-01-16]
    CHR Extension: (YouTube) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
    CHR Extension: (Google Search) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
    CHR Extension: (AdBlock) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-15]
    CHR Extension: (Vulpix Theme) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\inkcgocbdfgfhgijdafhgkbijdmhcbmk [2015-11-13]
    CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-13]
    CHR Extension: (Gmail) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-13]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-12] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2015-12-12] (Avast Software)
    S3 Disc Soft Lite Bus Service; D:\Visual novel\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-04] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-12] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-12] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-12] (AVAST Software)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-02] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
    R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-12-12] (AVAST Software)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
    R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47760 2015-11-10] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-16] ()
    S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-12-12] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-16 13:52 - 2016-01-16 13:52 - 02370560 _____ (Farbar) C:\Users\Khoa Do\Desktop\FRST64.exe
    2016-01-16 13:52 - 2016-01-16 13:52 - 00012766 _____ C:\Users\Khoa Do\Desktop\FRST.txt
    2016-01-16 13:52 - 2016-01-16 13:52 - 00000000 ____D C:\FRST
    2016-01-16 13:48 - 2016-01-16 13:48 - 00006216 _____ C:\Users\Khoa Do\Desktop\rouge 2.txt
    2016-01-16 13:37 - 2016-01-16 13:37 - 00005008 _____ C:\Users\Khoa Do\Desktop\rouge.txt
    2016-01-16 13:25 - 2016-01-16 13:37 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-16 13:25 - 2016-01-16 13:25 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-01-16 13:24 - 2016-01-16 13:25 - 20844104 _____ C:\Users\Khoa Do\Desktop\RogueKiller.exe
    2016-01-16 13:22 - 2016-01-16 13:23 - 00218382 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_13.22.40_log.txt
    2016-01-16 13:16 - 2016-01-16 13:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Khoa Do\Desktop\HijackThis.exe
    2016-01-16 13:12 - 2016-01-16 13:14 - 00661530 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_13.12.20_log.txt
    2016-01-16 13:09 - 2016-01-16 13:11 - 00219390 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_13.09.38_log.txt
    2016-01-16 13:09 - 2016-01-16 13:09 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Khoa Do\Desktop\tdsskiller.exe
    2016-01-15 11:47 - 2016-01-15 11:47 - 00000000 ____D C:\WINDOWS\LastGood
    2016-01-15 11:45 - 2016-01-15 11:45 - 00002084 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-01-15 11:45 - 2015-11-05 15:41 - 00102704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-01-15 11:40 - 2016-01-15 11:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2016-01-15 11:40 - 2016-01-12 05:40 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-01-15 11:40 - 2015-12-18 07:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2016-01-15 11:40 - 2015-12-18 07:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2016-01-15 11:40 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2016-01-15 10:37 - 2016-01-15 10:46 - 00003202 _____ C:\Users\Khoa Do\Desktop\Nytt textdokument.txt
    2016-01-15 10:08 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-15 10:08 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-15 10:08 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-15 10:08 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-15 10:08 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-15 10:08 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-15 10:08 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-01-15 10:08 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-01-15 10:08 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-15 10:08 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-15 10:08 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-15 10:08 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-15 10:08 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-01-15 10:08 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-15 10:08 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-15 10:08 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-15 10:08 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-15 10:08 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-01-15 10:08 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-15 10:08 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-15 10:08 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-01-15 10:07 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-15 10:07 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-15 10:07 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-15 10:07 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-01-15 10:07 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
    2016-01-15 10:07 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-15 10:07 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-01-15 10:07 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-15 10:07 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-01-15 10:07 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-01-15 10:07 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-01-15 10:07 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-01-15 10:07 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-01-15 10:07 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-15 10:07 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-15 10:07 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
    2016-01-15 10:07 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-15 10:07 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
    2016-01-15 10:07 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-01-15 10:07 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-15 10:07 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
    2016-01-15 10:07 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-15 10:07 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-15 10:07 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-15 10:07 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-01-15 10:07 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-15 10:07 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-15 10:07 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-15 10:07 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
    2016-01-15 10:07 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-15 10:07 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-15 10:07 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-15 10:07 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-15 10:07 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-01-15 10:06 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-15 10:06 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-15 10:04 - 2015-12-12 19:31 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-01-14 16:14 - 2016-01-15 10:03 - 00000000 ____D C:\WINDOWS\pss
    2016-01-14 15:52 - 2016-01-14 20:48 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\ElevatedDiagnostics
    2016-01-13 13:17 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2015-12-30 16:03 - 2016-01-15 10:03 - 00000000 ____D C:\Users\Khoa Do\Documents\Scanned Documents
    2015-12-30 16:03 - 2016-01-15 10:03 - 00000000 ____D C:\Users\Khoa Do\Documents\Fax
    2015-12-27 20:17 - 2016-01-14 14:31 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\CrashDumps
    2015-12-26 12:06 - 2015-12-26 12:06 - 00023218 _____ C:\Users\Khoa Do\Downloads\Noble Works.torrent
    2015-12-23 17:40 - 2016-01-16 12:40 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\UNDERTALE
    2015-12-23 17:30 - 2015-12-23 17:30 - 00000202 _____ C:\Users\Khoa Do\Desktop\Undertale.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-16 13:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
    2016-01-16 13:45 - 2015-08-02 18:29 - 00000000 ____D C:\Users\Khoa Do\AppData\Roaming\Skype
    2016-01-16 13:18 - 2014-04-10 15:49 - 00455470 _____ C:\WINDOWS\system32\perfh006.dat
    2016-01-16 13:18 - 2014-04-10 15:49 - 00079224 _____ C:\WINDOWS\system32\perfc006.dat
    2016-01-16 13:18 - 2014-04-10 15:44 - 00426168 _____ C:\WINDOWS\system32\perfh00B.dat
    2016-01-16 13:18 - 2014-04-10 15:44 - 00081252 _____ C:\WINDOWS\system32\perfc00B.dat
    2016-01-16 13:18 - 2014-04-10 15:39 - 00440562 _____ C:\WINDOWS\system32\perfh014.dat
    2016-01-16 13:18 - 2014-04-10 15:39 - 00076716 _____ C:\WINDOWS\system32\perfc014.dat
    2016-01-16 13:18 - 2014-04-10 15:33 - 00724478 _____ C:\WINDOWS\system32\perfh01D.dat
    2016-01-16 13:18 - 2014-04-10 15:33 - 00151834 _____ C:\WINDOWS\system32\perfc01D.dat
    2016-01-16 13:18 - 2014-03-18 11:03 - 03290732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-16 13:18 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-16 13:17 - 2015-08-02 18:23 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-714292664-626144888-293302260-1001
    2016-01-16 13:12 - 2015-11-13 22:52 - 00001008 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-16 13:12 - 2014-11-11 15:33 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-16 13:12 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-16 13:05 - 2015-11-13 22:52 - 00001012 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-16 13:03 - 2015-08-02 18:26 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\Battle.net
    2016-01-16 12:55 - 2015-09-04 18:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-16 12:24 - 2015-08-02 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
    2016-01-16 12:24 - 2015-08-02 18:31 - 00000000 ____D C:\WINDOWS\system32\vbox
    2016-01-15 16:06 - 2015-11-13 22:53 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-15 11:45 - 2014-11-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-15 11:45 - 2014-11-11 15:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-15 11:40 - 2015-09-24 18:09 - 00001396 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2016-01-15 11:40 - 2015-08-02 18:14 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\NVIDIA
    2016-01-15 11:40 - 2014-11-11 15:25 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-15 10:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-01-15 10:14 - 2014-11-11 15:40 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-15 10:12 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-15 10:10 - 2015-08-02 20:21 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-15 10:10 - 2015-08-02 20:21 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-15 10:04 - 2015-08-02 18:31 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-01-15 10:04 - 2015-08-02 18:31 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-01-15 10:04 - 2015-08-02 18:14 - 00000000 ____D C:\Users\Khoa Do
    2016-01-15 10:03 - 2015-12-14 12:07 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-15 10:03 - 2015-12-14 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-01-15 10:03 - 2015-12-03 16:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2016-01-15 10:03 - 2015-11-13 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2016-01-15 10:03 - 2015-08-02 19:07 - 00000000 ___HD C:\$SysReset
    2016-01-15 10:03 - 2015-08-02 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-15 10:03 - 2015-08-02 18:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-15 10:03 - 2015-08-02 18:33 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-15 10:03 - 2015-08-02 18:26 - 00000000 ____D C:\Users\Khoa Do\AppData\Roaming\Battle.net
    2016-01-15 10:03 - 2014-11-11 15:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-15 10:03 - 2014-11-11 15:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-15 10:03 - 2014-11-11 14:30 - 00000000 ____D C:\Users\Administrator
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-01-15 10:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-15 10:02 - 2015-08-02 18:29 - 00000000 ____D C:\ProgramData\Skype
    2016-01-15 10:02 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-15 10:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
    2016-01-15 09:09 - 2015-09-29 10:25 - 00007598 _____ C:\Users\Khoa Do\AppData\Local\Resmon.ResmonCfg
    2016-01-15 08:26 - 2015-08-02 18:29 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\Skype
    2016-01-14 15:49 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-12 05:41 - 2014-11-11 15:34 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-01-12 05:41 - 2014-11-11 15:34 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2016-01-12 05:40 - 2014-11-11 15:34 - 01860120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-01-12 05:40 - 2014-11-11 15:34 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-01-10 21:00 - 2015-06-09 23:51 - 00000000 ____D C:\Users\Khoa Do\Downloads\iPod Photo Cache
    2016-01-05 21:04 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-05 21:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-21 23:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-18 19:31 - 2015-08-02 18:31 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-12-18 19:31 - 2015-08-02 18:31 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-12-18 19:30 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(211)
    2015-12-18 19:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF

    ==================== Files in the root of some directories =======

    2015-09-29 10:25 - 2016-01-15 09:09 - 0007598 _____ () C:\Users\Khoa Do\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    C:\Users\Khoa Do\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Khoa Do\AppData\Local\Temp\NVI2_29.DLL


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-29 16:58

    ==================== End of FRST.txt ============================
     
  3. Lono12

    Lono12 Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
    Ran by Khoa Do (2016-01-16 13:52:51)
    Running from C:\Users\Khoa Do\Desktop
    Windows 8.1 (X64) (2015-08-02 17:14:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administratör (S-1-5-21-714292664-626144888-293302260-500 - Administrator - Disabled) => C:\Users\Administrator
    Gäst (S-1-5-21-714292664-626144888-293302260-501 - Limited - Disabled)
    Khoa Do (S-1-5-21-714292664-626144888-293302260-1001 - Administrator - Enabled) => C:\Users\Khoa Do

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-714292664-626144888-293302260-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Apple-programstöd (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    NVIDIA 3D Vision drivrutin 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
    NVIDIA 3D Vision drivrutin för styrenhet 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
    NVIDIA Grafikdrivrutin 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
    NVIDIA PhysX systemprogramvara 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
    Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
    Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07AE2818-7A58-41E3-A73A-AF7D79A041E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-15] (Microsoft Corporation)
    Task: {23BFA6FA-A10C-4ECF-BB06-873D6C0E69F2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-12] (AVAST Software)
    Task: {983B1BEA-39AB-4B26-96BD-1823782AFBC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {C6B39027-7303-4429-B0FC-C894386449E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
    Task: {D05E28C5-14CF-4487-8A07-E0304BA369CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {E331E594-F280-4683-8CB3-D62730E77477} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {F15DFCB2-21C8-4F92-A3DB-226EA6E86652} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
    Task: {F4B354B6-412F-4D93-B32F-499F56B6F038} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-11-11 15:33 - 2015-11-05 16:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-01-15 11:40 - 2016-01-12 05:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-16 12:33 - 2016-01-16 12:33 - 02817536 _____ () C:\Program Files\AVAST Software\Avast\defs\16011502\algo.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-24 18:08 - 2016-01-12 05:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-01-15 16:06 - 2016-01-12 17:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
    2016-01-15 16:06 - 2016-01-12 17:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28045792.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28045792.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-714292664-626144888-293302260-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Khoa Do\Downloads\Saber.full.1798433.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{28EE54E3-DA6E-495D-A282-AA984E868752}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3E09B16F-A1B0-4792-8E26-F9E48FF92578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F79169B1-8E9C-4948-A5BD-727287A00A51}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{C1C76193-CE53-44AD-A125-5582E4B32AA7}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{013E5749-FC6D-4B25-9682-F55316A01CB8}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FDA99676-7B63-43F9-BF8A-7BEA1363A253}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{06E85FC7-AC3A-4D78-8E8C-E16CADCE6000}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4ABFB2CF-0C0A-459A-8BB5-92E2A96680B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{45252282-62A5-4F93-9CDB-383516F972B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1CC60079-CCED-4624-A1DC-1AF8DBAC1E4D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{525A609D-67E5-4319-9864-34936B709B92}] => (Allow) D:\Battle.net\Battle.net\Battle.net.exe
    FirewallRules: [{79F54CF6-9968-4172-9CBD-1589BEDEBBBA}] => (Allow) D:\Battle.net\Battle.net\Battle.net.exe
    FirewallRules: [{9AB83DC2-389A-4CB7-A50C-FE9681B850D4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{7D9B73D4-76BD-4361-991F-952F1B304C30}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{B8288B20-4932-42EC-A4C9-27B4929BE2CC}C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{D9DA8B66-4423-4684-9E0F-38AA1190DDC5}C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{75F1424E-E3D5-4E7B-9C84-E31F36E307EB}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{2C16BE5D-E258-4B27-8A19-361CA2EF8B29}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [TCP Query User{9CA46DCF-1C81-4B2F-8BDC-494F807F9A18}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{4D6E75B5-1145-44BE-8473-6763CD3B6C8F}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{C2DBD62F-B5FD-42EA-93FB-831958E41E29}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
    FirewallRules: [UDP Query User{E1CAAAC7-C38A-442F-AD9B-D364E36893A6}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
    FirewallRules: [TCP Query User{60A1F6E8-F004-4DA8-B9C2-5DFA82DF2C86}D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{74D8AAAE-D2E0-44AA-B0FD-64744D38F800}D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{7D64B38F-AF73-45D2-90E4-A526D9E9D6E7}D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{CEF41035-7D45-40B2-A779-C845D701C215}D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{7E7A5410-DF4E-41A3-A974-21AA3426B734}D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{31205CFC-7C45-421A-9250-C54A825542C4}D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
    FirewallRules: [{D6FED902-0EEF-4F3F-9EB9-188D4D892D64}] => (Allow) D:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [{7041811B-BA6B-4622-BF23-C414D593F973}] => (Allow) D:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [TCP Query User{7659A714-D497-435C-BEC2-713BBFEFB052}D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{01CB7B2E-1EFC-4F73-BF3C-D73408E6F5F8}D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{8741AC6C-C192-4427-BF65-D65B7851BDE6}D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E4CEC8C1-868E-446D-BF9D-5264D558ED97}D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
    FirewallRules: [{99BB7998-5E1C-4112-A009-EC235FE0ADFA}] => (Allow) D:\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{80775A2B-1A32-41A3-9FEC-EA4E6AC54A2C}] => (Allow) D:\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{4203BE28-0652-4AE3-A51F-E27B4C749C4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{36176481-8E6A-4692-94D4-21974BB7943D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5642BAD3-B003-46C2-92A9-28CF211B2C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{FD088D5C-2AED-4FA9-B8FB-9757CCD4FF4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{09B8F1BE-9E86-4BED-8300-66BD57EFB8BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B963690B-8EA8-40DB-8526-BB892FF2DE3C}] => (Allow) D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{D28831E9-2F76-4397-9FA9-6B2745CE2FD0}] => (Allow) D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [TCP Query User{D3DEDE93-1A31-4DFD-B544-397B41528A2C}D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E9D4014B-9A47-4C02-B7DE-831374A8483C}D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
    FirewallRules: [{2CF5EAC2-AF60-487F-9B20-9FC0395BF810}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{97AD4ACB-6AB1-4CA9-8DEB-10E80348CE19}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{68270C4D-2138-4D91-8B58-D62D98B75D13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    15-01-2016 11:36:38 manuell

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/15/2016 10:52:30 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1620) SRUJet: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\SRU\SRU0045C.log öppnades.

    Error: (01/15/2016 10:11:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (01/15/2016 10:05:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
    Description: Tjänsten Cryptographic Services kunde inte initiera katalogdatabasen. ESENT-felet var: -528.

    Error: (01/15/2016 10:05:20 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: Catalog Database (1280) Catalog Database: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\CatRoot2\edb0005E.log öppnades.

    Error: (01/15/2016 10:04:21 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Ett ospecificerat fel uppstod under systemåterställningen: (Windows Update). Ytterligare information: 0xc0000022.

    Error: (01/14/2016 01:22:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programmet CCleaner64.exe, version 5.8.0.5308, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas I problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

    Process-ID: 19e4

    Starttid: 01d14ec5b2812d06

    Avslutningstid: 2

    Programsökväg: C:\Program Files\CCleaner\CCleaner64.exe

    Rapport-ID: 749b54ba-bab9-11e5-8276-fcaa1424c0cf

    Fullständigt namn på felaktigt paket:

    Program-ID relativt till felaktigt paket:

    Error: (12/29/2015 05:11:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Volymen System optimerades inte eftersom ett fel påträffades: Felaktig parameter. (0x80070057)

    Error: (12/29/2015 04:58:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Volymen System optimerades inte eftersom ett fel påträffades: Felaktig parameter. (0x80070057)

    Error: (12/27/2015 08:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Felet uppstod I programmet med namn: UNDERTALE.exe, version 0.9.9.5, tidsstämpel 0x551133d9
    , felet uppstod I modulen med namn: d3d9.dll, version 6.3.9600.17415, tidsstämpel 0x545049c1
    Undantagskod: 0xc0000005
    Felförskjutning: 0x00009ec8
    Process-ID: 0x1960
    Programmets starttid: 0xUNDERTALE.exe0
    Sökväg till program: UNDERTALE.exe1
    Sökväg till modul: UNDERTALE.exe2
    Rapport-ID: UNDERTALE.exe3
    Fullständigt namn på felaktigt paket: UNDERTALE.exe4
    Program-ID relativt till felaktigt paket: UNDERTALE.exe5

    Error: (12/23/2015 05:28:06 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Det gick inte att skapa aktiveringskontext för Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1.
    Den beroende sammansättningen Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" kunde inte hittas.
    Använd sxstrace.exe om du vill diagnostisera ytterligare.


    System errors:
    =============
    Error: (01/16/2016 01:25:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys

    Error: (01/15/2016 10:24:57 AM) (Source: Schannel) (EventID: 4120) (User: NT instans)
    Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras I TLS-protokollet är 10. Feltillståndet I Windows SChannel är 10.

    Error: (01/15/2016 10:23:17 AM) (Source: Schannel) (EventID: 4120) (User: NT instans)
    Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras I TLS-protokollet är 10. Feltillståndet I Windows SChannel är 10.

    Error: (01/15/2016 10:15:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Tjänsten Steam Client Service kunde inte startas på grund av följande fel:
    %%1053

    Error: (01/15/2016 10:15:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta.

    Error: (01/15/2016 08:53:08 AM) (Source: Ntfs) (EventID: 55) (User: NT instans)
    Description: En skada upptäcktes I filsystemstrukturen på volym Windows.

    MFT (Master File Table) innehåller en skadad filpost. Filens referensnummer är 0x100000002934f. Namnet på filen är <det gick inte att fastställa filnamnet>.

    Error: (01/15/2016 08:50:30 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084ShellHWDetectionInte tillgänglig{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (01/15/2016 08:46:12 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084WSearchInte tillgänglig{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (01/15/2016 08:46:12 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084WSearchInte tillgänglig{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (01/15/2016 08:46:10 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084ShellHWDetectionInte tillgänglig{DD522ACC-F821-461A-A407-50B198B896DC}


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16241.78 MB
    Available physical RAM: 12774.25 MB
    Total Virtual: 18673.78 MB
    Available Virtual: 15718.05 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:215.41 GB) (Free:137.99 GB) NTFS
    Drive d: () (Fixed) (Total:1863.01 GB) (Free:1696.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: BE780B24)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=215.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=7.8 GB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1B475987)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  4. Lono12

    Lono12 Topic Starter

    I'm sorry but the above scan isn't relevant anymore and I don't know if I could delete the replies (I did system restore that dated 1 day back because of I had downloaded the other anti malware program without instructions so I was a bit uncomfortable with having them on my deskstop. and name not available problem is still there) so I did another scan
     
  5. Lono12

    Lono12 Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
    Ran by Khoa Do (administrator) on KHOA (16-01-2016 16:30:44)
    Running from C:\Users\Khoa Do\Desktop
    Loaded Profiles: Khoa Do (Available Profiles: Khoa Do & Administratör)
    Platform: Windows 8.1 (X64) Language: Svenska (Sverige)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-12] (AVAST Software)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\MountPoints2: {49b10d29-1a63-11e5-827f-fcaa1424c0cf} - "F:\Setup.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-12] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A1056DF5-B9EF-42DF-9463-0044D4A9E702}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-12] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-12] (AVAST Software)

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]

    Chrome:
    =======
    CHR Profile: C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-01-16]
    CHR Extension: (YouTube) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
    CHR Extension: (Google Search) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
    CHR Extension: (AdBlock) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-15]
    CHR Extension: (Vulpix Theme) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\inkcgocbdfgfhgijdafhgkbijdmhcbmk [2015-11-13]
    CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-13]
    CHR Extension: (Gmail) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-13]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-12] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2015-12-12] (Avast Software)
    S3 Disc Soft Lite Bus Service; D:\Visual novel\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-04] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-12] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-12] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-12] (AVAST Software)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-02] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
    R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-12-12] (AVAST Software)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
    R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-09-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-12-12] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-16 16:23 - 2016-01-16 16:23 - 02370560 _____ (Farbar) C:\Users\Khoa Do\Desktop\FRST64.exe
    2016-01-16 16:11 - 2015-12-12 19:31 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-01-16 15:53 - 2016-01-16 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-01-16 13:52 - 2016-01-16 16:30 - 00012486 _____ C:\Users\Khoa Do\Desktop\FRST.txt
    2016-01-16 13:52 - 2016-01-16 16:30 - 00000000 ____D C:\FRST
    2016-01-16 13:48 - 2016-01-16 13:48 - 00006216 _____ C:\Users\Khoa Do\Desktop\rouge 2.txt
    2016-01-16 13:37 - 2016-01-16 13:37 - 00005008 _____ C:\Users\Khoa Do\Desktop\rouge.txt
    2016-01-16 13:25 - 2016-01-16 16:10 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-16 13:22 - 2016-01-16 13:23 - 00218382 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_13.22.40_log.txt
    2016-01-16 13:12 - 2016-01-16 13:14 - 00661530 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_13.12.20_log.txt
    2016-01-16 13:09 - 2016-01-16 13:11 - 00219390 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_13.09.38_log.txt
    2016-01-15 10:37 - 2016-01-15 10:46 - 00003202 _____ C:\Users\Khoa Do\Desktop\Nytt textdokument.txt
    2016-01-15 10:08 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-15 10:08 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-15 10:08 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-15 10:08 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-15 10:08 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-15 10:08 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-15 10:08 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-01-15 10:08 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-01-15 10:08 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-15 10:08 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-15 10:08 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-15 10:08 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-15 10:08 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-01-15 10:08 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-15 10:08 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-15 10:08 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-15 10:08 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-15 10:08 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-01-15 10:08 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-15 10:08 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-15 10:08 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-01-15 10:07 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-15 10:07 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-15 10:07 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-15 10:07 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-01-15 10:07 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
    2016-01-15 10:07 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-15 10:07 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-01-15 10:07 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-15 10:07 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-01-15 10:07 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-01-15 10:07 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-01-15 10:07 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-01-15 10:07 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-01-15 10:07 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-15 10:07 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-15 10:07 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
    2016-01-15 10:07 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-15 10:07 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
    2016-01-15 10:07 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-01-15 10:07 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-15 10:07 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
    2016-01-15 10:07 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-15 10:07 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-15 10:07 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-15 10:07 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-01-15 10:07 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-15 10:07 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-15 10:07 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-15 10:07 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
    2016-01-15 10:07 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-15 10:07 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-15 10:07 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-15 10:07 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-15 10:07 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-01-15 10:06 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-15 10:06 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-14 16:14 - 2016-01-15 10:03 - 00000000 ____D C:\WINDOWS\pss
    2016-01-14 15:52 - 2016-01-14 20:48 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\ElevatedDiagnostics
    2016-01-13 13:17 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2015-12-30 16:03 - 2016-01-15 10:03 - 00000000 ____D C:\Users\Khoa Do\Documents\Scanned Documents
    2015-12-30 16:03 - 2016-01-15 10:03 - 00000000 ____D C:\Users\Khoa Do\Documents\Fax
    2015-12-27 20:17 - 2016-01-14 14:31 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\CrashDumps
    2015-12-26 12:06 - 2015-12-26 12:06 - 00023218 _____ C:\Users\Khoa Do\Downloads\Noble Works.torrent
    2015-12-23 17:40 - 2016-01-16 12:40 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\UNDERTALE
    2015-12-23 17:30 - 2015-12-23 17:30 - 00000202 _____ C:\Users\Khoa Do\Desktop\Undertale.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-16 16:19 - 2014-04-10 15:49 - 00455470 _____ C:\WINDOWS\system32\perfh006.dat
    2016-01-16 16:19 - 2014-04-10 15:49 - 00079224 _____ C:\WINDOWS\system32\perfc006.dat
    2016-01-16 16:19 - 2014-04-10 15:44 - 00426168 _____ C:\WINDOWS\system32\perfh00B.dat
    2016-01-16 16:19 - 2014-04-10 15:44 - 00081252 _____ C:\WINDOWS\system32\perfc00B.dat
    2016-01-16 16:19 - 2014-04-10 15:39 - 00440562 _____ C:\WINDOWS\system32\perfh014.dat
    2016-01-16 16:19 - 2014-04-10 15:39 - 00076716 _____ C:\WINDOWS\system32\perfc014.dat
    2016-01-16 16:19 - 2014-04-10 15:33 - 00724478 _____ C:\WINDOWS\system32\perfh01D.dat
    2016-01-16 16:19 - 2014-04-10 15:33 - 00151834 _____ C:\WINDOWS\system32\perfc01D.dat
    2016-01-16 16:19 - 2014-03-18 11:03 - 03290732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-16 16:19 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-16 16:18 - 2015-08-02 18:23 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-714292664-626144888-293302260-1001
    2016-01-16 16:16 - 2015-08-02 18:29 - 00000000 ____D C:\Users\Khoa Do\AppData\Roaming\Skype
    2016-01-16 16:15 - 2015-08-02 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
    2016-01-16 16:15 - 2015-08-02 18:31 - 00000000 ____D C:\WINDOWS\system32\vbox
    2016-01-16 16:13 - 2015-11-13 22:52 - 00001008 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-16 16:13 - 2014-11-11 15:33 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-16 16:13 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-16 16:11 - 2015-08-02 18:31 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-01-16 16:11 - 2015-08-02 18:31 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-01-16 16:11 - 2015-08-02 18:14 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\NVIDIA
    2016-01-16 16:11 - 2015-08-02 18:14 - 00000000 ____D C:\Users\Khoa Do
    2016-01-16 16:11 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
    2016-01-16 16:10 - 2015-12-14 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-01-16 16:10 - 2015-12-03 16:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2016-01-16 16:10 - 2015-11-13 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2016-01-16 16:10 - 2015-08-02 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-16 16:10 - 2015-08-02 18:26 - 00000000 ____D C:\Users\Khoa Do\AppData\Roaming\Battle.net
    2016-01-16 16:10 - 2014-11-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:25 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-16 16:10 - 2014-11-11 14:30 - 00000000 ____D C:\Users\Administrator
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\security
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
    2016-01-16 13:03 - 2015-08-02 18:26 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\Battle.net
    2016-01-15 11:17 - 2015-09-04 18:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-15 11:05 - 2015-11-13 22:52 - 00001012 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-15 10:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-01-15 10:14 - 2014-11-11 15:40 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-15 10:12 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-15 10:10 - 2015-08-02 20:21 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-15 10:10 - 2015-08-02 20:21 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-15 10:03 - 2015-12-14 12:07 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-15 10:03 - 2015-08-02 19:07 - 00000000 ___HD C:\$SysReset
    2016-01-15 10:03 - 2015-08-02 18:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-15 10:03 - 2015-08-02 18:33 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-01-15 10:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-15 10:02 - 2015-08-02 18:29 - 00000000 ____D C:\ProgramData\Skype
    2016-01-15 09:09 - 2015-09-29 10:25 - 00007598 _____ C:\Users\Khoa Do\AppData\Local\Resmon.ResmonCfg
    2016-01-15 08:26 - 2015-08-02 18:29 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\Skype
    2016-01-14 15:49 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(249)
    2016-01-14 15:49 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-12 05:40 - 2014-11-11 15:34 - 01860120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64(247).dll
    2016-01-10 21:00 - 2015-06-09 23:51 - 00000000 ____D C:\Users\Khoa Do\Downloads\iPod Photo Cache
    2016-01-05 21:04 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-05 21:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-21 23:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-18 19:31 - 2015-08-02 18:31 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-12-18 19:31 - 2015-08-02 18:31 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-12-18 19:30 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(211)
    2015-12-18 19:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF

    ==================== Files in the root of some directories =======

    2015-09-29 10:25 - 2016-01-15 09:09 - 0007598 _____ () C:\Users\Khoa Do\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-29 16:58

    ==================== End of FRST.txt ============================
     
  6. Lono12

    Lono12 Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
    Ran by Khoa Do (2016-01-16 16:30:58)
    Running from C:\Users\Khoa Do\Desktop
    Windows 8.1 (X64) (2015-08-02 17:14:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administratör (S-1-5-21-714292664-626144888-293302260-500 - Administrator - Disabled) => C:\Users\Administrator
    Gäst (S-1-5-21-714292664-626144888-293302260-501 - Limited - Disabled)
    Khoa Do (S-1-5-21-714292664-626144888-293302260-1001 - Administrator - Enabled) => C:\Users\Khoa Do

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-714292664-626144888-293302260-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Apple-programstöd (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    NVIDIA 3D Vision drivrutin 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
    NVIDIA 3D Vision drivrutin för styrenhet 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
    NVIDIA Grafikdrivrutin 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
    NVIDIA HD audiodrivrutin 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA Miracast virtuell audio 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.98 - NVIDIA Corporation)
    NVIDIA PhysX systemprogramvara 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
    Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
    Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07AE2818-7A58-41E3-A73A-AF7D79A041E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-15] (Microsoft Corporation)
    Task: {4E1A4DD3-86F5-4CF6-9839-ABC74AD43BE8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {983B1BEA-39AB-4B26-96BD-1823782AFBC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
    Task: {9FB3CA9C-E7E6-4A03-A0F0-0F8F2C79CD6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-12] (AVAST Software)
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {C6B39027-7303-4429-B0FC-C894386449E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
    Task: {D05E28C5-14CF-4487-8A07-E0304BA369CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {F15DFCB2-21C8-4F92-A3DB-226EA6E86652} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
    Task: {FBCEFA1B-576D-46D4-AF30-2C0C2A87F806} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-11-11 15:33 - 2015-09-13 23:09 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-16 16:12 - 2016-01-16 16:12 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011601\algo.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-24 18:08 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-12-16 22:06 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-16 22:06 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
  7. Lono12

    Lono12 Topic Starter

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-714292664-626144888-293302260-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Khoa Do\Downloads\Saber.full.1798433.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{28EE54E3-DA6E-495D-A282-AA984E868752}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3E09B16F-A1B0-4792-8E26-F9E48FF92578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F79169B1-8E9C-4948-A5BD-727287A00A51}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{C1C76193-CE53-44AD-A125-5582E4B32AA7}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{013E5749-FC6D-4B25-9682-F55316A01CB8}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FDA99676-7B63-43F9-BF8A-7BEA1363A253}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{06E85FC7-AC3A-4D78-8E8C-E16CADCE6000}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4ABFB2CF-0C0A-459A-8BB5-92E2A96680B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{45252282-62A5-4F93-9CDB-383516F972B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1CC60079-CCED-4624-A1DC-1AF8DBAC1E4D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{525A609D-67E5-4319-9864-34936B709B92}] => (Allow) D:\Battle.net\Battle.net\Battle.net.exe
    FirewallRules: [{79F54CF6-9968-4172-9CBD-1589BEDEBBBA}] => (Allow) D:\Battle.net\Battle.net\Battle.net.exe
    FirewallRules: [{9AB83DC2-389A-4CB7-A50C-FE9681B850D4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{7D9B73D4-76BD-4361-991F-952F1B304C30}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{B8288B20-4932-42EC-A4C9-27B4929BE2CC}C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{D9DA8B66-4423-4684-9E0F-38AA1190DDC5}C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{75F1424E-E3D5-4E7B-9C84-E31F36E307EB}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{2C16BE5D-E258-4B27-8A19-361CA2EF8B29}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [TCP Query User{9CA46DCF-1C81-4B2F-8BDC-494F807F9A18}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{4D6E75B5-1145-44BE-8473-6763CD3B6C8F}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{C2DBD62F-B5FD-42EA-93FB-831958E41E29}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
    FirewallRules: [UDP Query User{E1CAAAC7-C38A-442F-AD9B-D364E36893A6}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
    FirewallRules: [TCP Query User{60A1F6E8-F004-4DA8-B9C2-5DFA82DF2C86}D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{74D8AAAE-D2E0-44AA-B0FD-64744D38F800}D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{7D64B38F-AF73-45D2-90E4-A526D9E9D6E7}D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{CEF41035-7D45-40B2-A779-C845D701C215}D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{7E7A5410-DF4E-41A3-A974-21AA3426B734}D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{31205CFC-7C45-421A-9250-C54A825542C4}D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
    FirewallRules: [{D6FED902-0EEF-4F3F-9EB9-188D4D892D64}] => (Allow) D:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [{7041811B-BA6B-4622-BF23-C414D593F973}] => (Allow) D:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [TCP Query User{7659A714-D497-435C-BEC2-713BBFEFB052}D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{01CB7B2E-1EFC-4F73-BF3C-D73408E6F5F8}D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{8741AC6C-C192-4427-BF65-D65B7851BDE6}D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E4CEC8C1-868E-446D-BF9D-5264D558ED97}D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
    FirewallRules: [{99BB7998-5E1C-4112-A009-EC235FE0ADFA}] => (Allow) D:\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{80775A2B-1A32-41A3-9FEC-EA4E6AC54A2C}] => (Allow) D:\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{4203BE28-0652-4AE3-A51F-E27B4C749C4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{36176481-8E6A-4692-94D4-21974BB7943D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5642BAD3-B003-46C2-92A9-28CF211B2C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{FD088D5C-2AED-4FA9-B8FB-9757CCD4FF4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{09B8F1BE-9E86-4BED-8300-66BD57EFB8BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B963690B-8EA8-40DB-8526-BB892FF2DE3C}] => (Allow) D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{D28831E9-2F76-4397-9FA9-6B2745CE2FD0}] => (Allow) D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [TCP Query User{D3DEDE93-1A31-4DFD-B544-397B41528A2C}D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E9D4014B-9A47-4C02-B7DE-831374A8483C}D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
    FirewallRules: [{2CF5EAC2-AF60-487F-9B20-9FC0395BF810}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{97AD4ACB-6AB1-4CA9-8DEB-10E80348CE19}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{ED5373BB-0C18-4559-B459-8AE14D466520}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    15-01-2016 11:36:38 manuell
    16-01-2016 16:09:14 Återställningsåtgärd

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/16/2016 04:11:11 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Ett ospecificerat fel uppstod under systemåterställningen: (manuell). Ytterligare information: 0xc0000022.

    Error: (01/15/2016 10:52:30 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1620) SRUJet: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\SRU\SRU0045C.log öppnades.

    Error: (01/15/2016 10:11:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (01/15/2016 10:05:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
    Description: Tjänsten Cryptographic Services kunde inte initiera katalogdatabasen. ESENT-felet var: -528.

    Error: (01/15/2016 10:05:20 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: Catalog Database (1280) Catalog Database: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\CatRoot2\edb0005E.log öppnades.

    Error: (01/15/2016 10:04:21 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Ett ospecificerat fel uppstod under systemåterställningen: (Windows Update). Ytterligare information: 0xc0000022.

    Error: (01/14/2016 01:22:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programmet CCleaner64.exe, version 5.8.0.5308, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas I problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

    Process-ID: 19e4

    Starttid: 01d14ec5b2812d06

    Avslutningstid: 2

    Programsökväg: C:\Program Files\CCleaner\CCleaner64.exe

    Rapport-ID: 749b54ba-bab9-11e5-8276-fcaa1424c0cf

    Fullständigt namn på felaktigt paket:

    Program-ID relativt till felaktigt paket:

    Error: (12/29/2015 05:11:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Volymen System optimerades inte eftersom ett fel påträffades: Felaktig parameter. (0x80070057)

    Error: (12/29/2015 04:58:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Volymen System optimerades inte eftersom ett fel påträffades: Felaktig parameter. (0x80070057)

    Error: (12/27/2015 08:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Felet uppstod I programmet med namn: UNDERTALE.exe, version 0.9.9.5, tidsstämpel 0x551133d9
    , felet uppstod I modulen med namn: d3d9.dll, version 6.3.9600.17415, tidsstämpel 0x545049c1
    Undantagskod: 0xc0000005
    Felförskjutning: 0x00009ec8
    Process-ID: 0x1960
    Programmets starttid: 0xUNDERTALE.exe0
    Sökväg till program: UNDERTALE.exe1
    Sökväg till modul: UNDERTALE.exe2
    Rapport-ID: UNDERTALE.exe3
    Fullständigt namn på felaktigt paket: UNDERTALE.exe4
    Program-ID relativt till felaktigt paket: UNDERTALE.exe5


    System errors:
    =============
    Error: (01/16/2016 04:09:27 PM) (Source: DCOM) (EventID: 10010) (User: Khoa)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (01/16/2016 01:25:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys

    Error: (01/15/2016 10:24:57 AM) (Source: Schannel) (EventID: 4120) (User: NT instans)
    Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras I TLS-protokollet är 10. Feltillståndet I Windows SChannel är 10.

    Error: (01/15/2016 10:23:17 AM) (Source: Schannel) (EventID: 4120) (User: NT instans)
    Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras I TLS-protokollet är 10. Feltillståndet I Windows SChannel är 10.

    Error: (01/15/2016 10:15:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Tjänsten Steam Client Service kunde inte startas på grund av följande fel:
    %%1053

    Error: (01/15/2016 10:15:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta.

    Error: (01/15/2016 08:53:08 AM) (Source: Ntfs) (EventID: 55) (User: NT instans)
    Description: En skada upptäcktes I filsystemstrukturen på volym Windows.

    MFT (Master File Table) innehåller en skadad filpost. Filens referensnummer är 0x100000002934f. Namnet på filen är <det gick inte att fastställa filnamnet>.

    Error: (01/15/2016 08:50:30 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084ShellHWDetectionInte tillgänglig{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (01/15/2016 08:46:12 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084WSearchInte tillgänglig{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (01/15/2016 08:46:12 AM) (Source: DCOM) (EventID: 10005) (User: Khoa)
    Description: 1084WSearchInte tillgänglig{9E175B68-F52A-11D8-B9A5-505054503030}


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 20%
    Total physical RAM: 16241.78 MB
    Available physical RAM: 12902.83 MB
    Total Virtual: 18673.78 MB
    Available Virtual: 15036.32 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:215.41 GB) (Free:139.02 GB) NTFS
    Drive d: () (Fixed) (Total:1863.01 GB) (Free:1696.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: BE780B24)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=215.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=7.8 GB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1B475987)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    forogt the last part. Sorry for alot of replies
     
    Last edited by a moderator: Jan 16, 2016
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. Lono12

    Lono12 Topic Starter

    RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Khoa Do [Administrator]
    Started from : C:\Users\Khoa Do\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 01/17/2016 08:30:21

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: KINGSTON SV300S37A240G +++++
    --- User ---
    [MBR] 4b907c5b98ce9a31ea979a84ded83cee
    [BSP] 24f8907c6568ba42e5ebef043445ff62 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 220584 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 452474880 | Size: 8000 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST2000DM001-1ER164 +++++
    --- User ---
    [MBR] ef5348615c74bbef47d3d4082c2355bf
    [BSP] 4bb72940912dbd3eed82625d8a8f21af : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  10. Lono12

    Lono12 Topic Starter

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Skanningsdatum: 2016-01-17
    Skanningstid: 08:32
    Loggfil: mbam.txt
    Administrator: Ja

    Version: 2.2.0.1024
    Databas med skadliga program: v2016.01.17.01
    Databas med rootkit: v2016.01.09.01
    Licens: Gratis
    Skydd mot skadliga program: Inaktiverat
    Skydd mot skadliga webbplatser: Inaktiverat
    Sjalvforsvar: Inaktiverat

    OS: Windows 8.1
    CPU: x64
    Filsystem: NTFS
    Anvandare: Khoa Do

    Skanningstyp: Hotskanning
    Resultat: Slutford
    Skannade objekt: 383082
    Forfluten tid: 7 min, 21 sek

    Minne: Aktiverat
    Autostart: Aktiverat
    Filsystem: Aktiverat
    Arkivfiler: Aktiverat
    Rootkits: Aktiverat
    Heuristik: Aktiverat
    PUP: Aktiverat
    PUM: Aktiverat

    Processer: 0
    (Inga skadliga poster upptackta)

    Moduler: 0
    (Inga skadliga poster upptackta)

    Registernycklar: 0
    (Inga skadliga poster upptackta)

    Registervarden: 0
    (Inga skadliga poster upptackta)

    Registerdata: 0
    (Inga skadliga poster upptackta)

    Mappar: 0
    (Inga skadliga poster upptackta)

    Filer: 0
    (Inga skadliga poster upptackta)

    Fysiska sektorer: 0
    (Inga skadliga poster upptackta)


    (end)

    I know the day before I posted in forum that I found in MBAM that calls something like this
    PUP.Optional.OpenCandy, C:\Users\Khoa Do\AppData\Local\Temp\HYDF75C.tmp.1452850135\HTA\install.1452850135.zip, Flyttad till karantän, [6c83e2572f6a13235bf633f762a07f81],
    PUP.Optional.OpenCandy, C:\Users\Khoa Do\AppData\Local\Temp\HYDF75C.tmp.1452850135\HTA\3rdparty\OCComSDK.dll, Flyttad till karantän, [11de2c0d8514e551e96856d437cb8878],
    PUP.Optional.OpenCandy, C:\Users\Khoa Do\AppData\Local\Temp\HYDF75C.tmp.1452850135\HTA\3rdparty\OCSetupHlp.dll, Flyttad till karantän, [2fc062d75d3cc2744443d1f631d38c74],

    I pressed delete, but I don't know if it was the right thing to do
     
    Last edited by a moderator: Jan 17, 2016
  11. Lono12

    Lono12 Topic Starter

    # AdwCleaner v5.029 - Logfile created 17/01/2016 at 08:46:29
    # Updated 11/01/2016 by Xplode
    # Database : 2016-01-15.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Khoa Do - KHOA
    # Running from : C:\Users\Khoa Do\Desktop\adwcleaner_5.029.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [655 bytes] ##########

    It says that I didn't find anything but what is tracing keys and winsock?
     
  12. Lono12

    Lono12 Topic Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 8.1 x64
    Ran by Khoa Do (Administrator) on 2016-01-17 at 8:52:21,10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2016-01-17 at 8:53:03,60
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    seems like it didn't find anything, just a question. Would reinstallling windows 8 be another solution for this issue? and thanks for taking time for trying to help me, I really appreciate it.

    The computer feels like the same. Some site take abit few second longer to load but I think that's about it
     
    Last edited by a moderator: Jan 17, 2016
  13. Lono12

    Lono12 Topic Starter

    But the problem with name not available is still here and playing the usb sound once. It dosen't play ad or something, just the usb sound
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  15. Lono12

    Lono12 Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
    Ran by Khoa Do (administrator) on KHOA (18-01-2016 09:54:57)
    Running from C:\Users\Khoa Do\Desktop
    Loaded Profiles: Khoa Do (Available Profiles: Khoa Do & Administratör)
    Platform: Windows 8.1 (X64) Language: Svenska (Sverige)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-12] (AVAST Software)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\MountPoints2: {49b10d29-1a63-11e5-827f-fcaa1424c0cf} - "F:\Setup.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-12] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A1056DF5-B9EF-42DF-9463-0044D4A9E702}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-12] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-12] (AVAST Software)

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]

    Chrome:
    =======
    CHR Profile: C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-01-16]
    CHR Extension: (YouTube) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
    CHR Extension: (Google Search) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
    CHR Extension: (AdBlock) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-15]
    CHR Extension: (Vulpix Theme) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\inkcgocbdfgfhgijdafhgkbijdmhcbmk [2015-11-13]
    CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-13]
    CHR Extension: (Gmail) - C:\Users\Khoa Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-13]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-12] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2015-12-12] (Avast Software)
    S3 Disc Soft Lite Bus Service; D:\Visual novel\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-04] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-12] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-12] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-12] (AVAST Software)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-02] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
    R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-12-12] (AVAST Software)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
    R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-09-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-17] ()
    S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-12-12] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-17 08:53 - 2016-01-17 08:53 - 00000545 _____ C:\Users\Khoa Do\Desktop\JRT.txt
    2016-01-17 08:50 - 2016-01-17 08:50 - 01600184 _____ (Malwarebytes) C:\Users\Khoa Do\Desktop\JRT.exe
    2016-01-17 08:45 - 2016-01-17 08:46 - 00000000 ____D C:\AdwCleaner
    2016-01-17 08:45 - 2016-01-17 08:45 - 01754112 _____ C:\Users\Khoa Do\Desktop\adwcleaner_5.029.exe
    2016-01-17 08:40 - 2016-01-17 08:40 - 00001126 _____ C:\Users\Khoa Do\Desktop\mbam.txt
    2016-01-17 08:31 - 2016-01-17 08:31 - 00003252 _____ C:\Users\Khoa Do\Desktop\rouge.txt
    2016-01-17 08:25 - 2016-01-17 08:25 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-01-17 08:24 - 2016-01-17 08:25 - 20844104 _____ C:\Users\Khoa Do\Desktop\RogueKiller.exe
    2016-01-16 16:30 - 2016-01-16 16:31 - 00025310 _____ C:\Users\Khoa Do\Desktop\Addition.txt
    2016-01-16 16:23 - 2016-01-16 16:23 - 02370560 _____ (Farbar) C:\Users\Khoa Do\Desktop\FRST64.exe
    2016-01-16 16:11 - 2015-12-12 19:31 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-01-16 15:53 - 2016-01-16 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-01-16 13:52 - 2016-01-18 09:55 - 00011611 _____ C:\Users\Khoa Do\Desktop\FRST.txt
    2016-01-16 13:52 - 2016-01-18 09:54 - 00000000 ____D C:\FRST
    2016-01-16 13:25 - 2016-01-17 08:25 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-15 10:37 - 2016-01-15 10:46 - 00003202 _____ C:\Users\Khoa Do\Desktop\Nytt textdokument.txt
    2016-01-15 10:08 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-15 10:08 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-15 10:08 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-15 10:08 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-15 10:08 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-15 10:08 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-15 10:08 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-01-15 10:08 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-01-15 10:08 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-15 10:08 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-15 10:08 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-15 10:08 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-15 10:08 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-01-15 10:08 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-15 10:08 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-15 10:08 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-15 10:08 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-15 10:08 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-01-15 10:08 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-15 10:08 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-15 10:08 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-01-15 10:07 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-15 10:07 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-15 10:07 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-15 10:07 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-01-15 10:07 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-15 10:07 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
    2016-01-15 10:07 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
    2016-01-15 10:07 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-15 10:07 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-01-15 10:07 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-01-15 10:07 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-15 10:07 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-01-15 10:07 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-01-15 10:07 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-01-15 10:07 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-01-15 10:07 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-01-15 10:07 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-15 10:07 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-15 10:07 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
    2016-01-15 10:07 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-15 10:07 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
    2016-01-15 10:07 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-01-15 10:07 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-15 10:07 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
    2016-01-15 10:07 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-15 10:07 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-15 10:07 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-15 10:07 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
    2016-01-15 10:07 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-01-15 10:07 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-15 10:07 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-15 10:07 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-15 10:07 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
    2016-01-15 10:07 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-15 10:07 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-15 10:07 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-15 10:07 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-15 10:07 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-15 10:07 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-01-15 10:06 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-15 10:06 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-14 16:14 - 2016-01-15 10:03 - 00000000 ____D C:\WINDOWS\pss
    2016-01-14 15:52 - 2016-01-14 20:48 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\ElevatedDiagnostics
    2016-01-13 13:17 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2015-12-30 16:03 - 2016-01-15 10:03 - 00000000 ____D C:\Users\Khoa Do\Documents\Scanned Documents
    2015-12-30 16:03 - 2016-01-15 10:03 - 00000000 ____D C:\Users\Khoa Do\Documents\Fax
    2015-12-27 20:17 - 2016-01-14 14:31 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\CrashDumps
    2015-12-26 12:06 - 2015-12-26 12:06 - 00023218 _____ C:\Users\Khoa Do\Downloads\Noble Works.torrent
    2015-12-23 17:40 - 2016-01-16 12:40 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\UNDERTALE
    2015-12-23 17:30 - 2015-12-23 17:30 - 00000202 _____ C:\Users\Khoa Do\Desktop\Undertale.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-18 09:53 - 2015-08-02 18:23 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-714292664-626144888-293302260-1001
    2016-01-18 09:48 - 2015-11-13 22:52 - 00001008 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-18 09:48 - 2015-08-02 18:29 - 00000000 ____D C:\Users\Khoa Do\AppData\Roaming\Skype
    2016-01-17 21:05 - 2015-11-13 22:52 - 00001012 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-17 20:51 - 2015-08-02 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
    2016-01-17 20:51 - 2015-08-02 18:31 - 00000000 ____D C:\WINDOWS\system32\vbox
    2016-01-17 09:29 - 2015-08-02 18:26 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\Battle.net
    2016-01-17 08:54 - 2014-04-10 15:49 - 00455470 _____ C:\WINDOWS\system32\perfh006.dat
    2016-01-17 08:54 - 2014-04-10 15:49 - 00079224 _____ C:\WINDOWS\system32\perfc006.dat
    2016-01-17 08:54 - 2014-04-10 15:44 - 00426168 _____ C:\WINDOWS\system32\perfh00B.dat
    2016-01-17 08:54 - 2014-04-10 15:44 - 00081252 _____ C:\WINDOWS\system32\perfc00B.dat
    2016-01-17 08:54 - 2014-04-10 15:39 - 00440562 _____ C:\WINDOWS\system32\perfh014.dat
    2016-01-17 08:54 - 2014-04-10 15:39 - 00076716 _____ C:\WINDOWS\system32\perfc014.dat
    2016-01-17 08:54 - 2014-04-10 15:33 - 00724478 _____ C:\WINDOWS\system32\perfh01D.dat
    2016-01-17 08:54 - 2014-04-10 15:33 - 00151834 _____ C:\WINDOWS\system32\perfc01D.dat
    2016-01-17 08:54 - 2014-03-18 11:03 - 03290732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-17 08:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-17 08:47 - 2014-11-11 15:33 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-17 08:47 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-17 08:32 - 2015-09-04 18:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-16 17:06 - 2015-11-13 22:53 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-16 16:31 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
    2016-01-16 16:11 - 2015-08-02 18:31 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-01-16 16:11 - 2015-08-02 18:31 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-01-16 16:11 - 2015-08-02 18:14 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\NVIDIA
    2016-01-16 16:11 - 2015-08-02 18:14 - 00000000 ____D C:\Users\Khoa Do
    2016-01-16 16:10 - 2015-12-14 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-01-16 16:10 - 2015-12-03 16:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2016-01-16 16:10 - 2015-11-13 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2016-01-16 16:10 - 2015-08-02 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-16 16:10 - 2015-08-02 18:26 - 00000000 ____D C:\Users\Khoa Do\AppData\Roaming\Battle.net
    2016-01-16 16:10 - 2014-11-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-16 16:10 - 2014-11-11 15:25 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-16 16:10 - 2014-11-11 14:30 - 00000000 ____D C:\Users\Administrator
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\security
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
    2016-01-16 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
    2016-01-15 10:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-01-15 10:14 - 2014-11-11 15:40 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2016-01-15 10:12 - 2015-08-02 20:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-15 10:12 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-15 10:10 - 2015-08-02 20:21 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-15 10:10 - 2015-08-02 20:21 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-15 10:03 - 2015-12-14 12:07 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-15 10:03 - 2015-08-02 19:07 - 00000000 ___HD C:\$SysReset
    2016-01-15 10:03 - 2015-08-02 18:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-15 10:03 - 2015-08-02 18:33 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-01-15 10:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-01-15 10:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-15 10:02 - 2015-08-02 18:29 - 00000000 ____D C:\ProgramData\Skype
    2016-01-15 09:09 - 2015-09-29 10:25 - 00007598 _____ C:\Users\Khoa Do\AppData\Local\Resmon.ResmonCfg
    2016-01-15 08:26 - 2015-08-02 18:29 - 00000000 ____D C:\Users\Khoa Do\AppData\Local\Skype
    2016-01-14 15:49 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(249)
    2016-01-14 15:49 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-12 05:40 - 2014-11-11 15:34 - 01860120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64(247).dll
    2016-01-10 21:00 - 2015-06-09 23:51 - 00000000 ____D C:\Users\Khoa Do\Downloads\iPod Photo Cache
    2016-01-05 21:04 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-05 21:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-21 23:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

    ==================== Files in the root of some directories =======

    2015-09-29 10:25 - 2016-01-15 09:09 - 0007598 _____ () C:\Users\Khoa Do\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    C:\Users\Khoa Do\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Khoa Do\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-29 16:58

    ==================== End of FRST.txt ============================
     
  16. Lono12

    Lono12 Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
    Ran by Khoa Do (2016-01-18 09:55:10)
    Running from C:\Users\Khoa Do\Desktop
    Windows 8.1 (X64) (2015-08-02 17:14:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administratör (S-1-5-21-714292664-626144888-293302260-500 - Administrator - Disabled) => C:\Users\Administrator
    Gäst (S-1-5-21-714292664-626144888-293302260-501 - Limited - Disabled)
    Khoa Do (S-1-5-21-714292664-626144888-293302260-1001 - Administrator - Enabled) => C:\Users\Khoa Do

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-714292664-626144888-293302260-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Apple-programstöd (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    NVIDIA 3D Vision drivrutin 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
    NVIDIA 3D Vision drivrutin för styrenhet 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
    NVIDIA Grafikdrivrutin 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
    NVIDIA HD audiodrivrutin 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA Miracast virtuell audio 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.98 - NVIDIA Corporation)
    NVIDIA PhysX systemprogramvara 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
    Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
    Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07AE2818-7A58-41E3-A73A-AF7D79A041E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-15] (Microsoft Corporation)
    Task: {33FEDAEF-0849-45D7-B0F2-8677F0F6A485} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {983B1BEA-39AB-4B26-96BD-1823782AFBC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
    Task: {9C6AE0CD-3CEA-4FD5-BF13-F015A0F4DD3D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {9FB3CA9C-E7E6-4A03-A0F0-0F8F2C79CD6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-12] (AVAST Software)
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {C6B39027-7303-4429-B0FC-C894386449E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
    Task: {D05E28C5-14CF-4487-8A07-E0304BA369CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {F15DFCB2-21C8-4F92-A3DB-226EA6E86652} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-12-12 19:31 - 2015-12-12 19:31 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-16 16:12 - 2016-01-16 16:12 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011601\algo.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-01-17 08:47 - 2016-01-17 08:47 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011607\algo.dll
    2016-01-17 20:42 - 2016-01-17 20:42 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011704\algo.dll
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-24 18:08 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
    2015-12-12 19:31 - 2015-12-12 19:31 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-714292664-626144888-293302260-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Khoa Do\Downloads\Saber.full.1798433.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKU\S-1-5-21-714292664-626144888-293302260-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{28EE54E3-DA6E-495D-A282-AA984E868752}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3E09B16F-A1B0-4792-8E26-F9E48FF92578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F79169B1-8E9C-4948-A5BD-727287A00A51}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{C1C76193-CE53-44AD-A125-5582E4B32AA7}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{013E5749-FC6D-4B25-9682-F55316A01CB8}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FDA99676-7B63-43F9-BF8A-7BEA1363A253}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{06E85FC7-AC3A-4D78-8E8C-E16CADCE6000}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4ABFB2CF-0C0A-459A-8BB5-92E2A96680B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{45252282-62A5-4F93-9CDB-383516F972B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1CC60079-CCED-4624-A1DC-1AF8DBAC1E4D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{525A609D-67E5-4319-9864-34936B709B92}] => (Allow) D:\Battle.net\Battle.net\Battle.net.exe
    FirewallRules: [{79F54CF6-9968-4172-9CBD-1589BEDEBBBA}] => (Allow) D:\Battle.net\Battle.net\Battle.net.exe
    FirewallRules: [{9AB83DC2-389A-4CB7-A50C-FE9681B850D4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{7D9B73D4-76BD-4361-991F-952F1B304C30}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{B8288B20-4932-42EC-A4C9-27B4929BE2CC}C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{D9DA8B66-4423-4684-9E0F-38AA1190DDC5}C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\khoa do\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{75F1424E-E3D5-4E7B-9C84-E31F36E307EB}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{2C16BE5D-E258-4B27-8A19-361CA2EF8B29}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [TCP Query User{9CA46DCF-1C81-4B2F-8BDC-494F807F9A18}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{4D6E75B5-1145-44BE-8473-6763CD3B6C8F}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{C2DBD62F-B5FD-42EA-93FB-831958E41E29}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
    FirewallRules: [UDP Query User{E1CAAAC7-C38A-442F-AD9B-D364E36893A6}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
    FirewallRules: [TCP Query User{60A1F6E8-F004-4DA8-B9C2-5DFA82DF2C86}D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{74D8AAAE-D2E0-44AA-B0FD-64744D38F800}D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{7D64B38F-AF73-45D2-90E4-A526D9E9D6E7}D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{CEF41035-7D45-40B2-A779-C845D701C215}D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{7E7A5410-DF4E-41A3-A974-21AA3426B734}D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{31205CFC-7C45-421A-9250-C54A825542C4}D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
    FirewallRules: [{D6FED902-0EEF-4F3F-9EB9-188D4D892D64}] => (Allow) D:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [{7041811B-BA6B-4622-BF23-C414D593F973}] => (Allow) D:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [TCP Query User{7659A714-D497-435C-BEC2-713BBFEFB052}D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{01CB7B2E-1EFC-4F73-BF3C-D73408E6F5F8}D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{8741AC6C-C192-4427-BF65-D65B7851BDE6}D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E4CEC8C1-868E-446D-BF9D-5264D558ED97}D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
    FirewallRules: [{99BB7998-5E1C-4112-A009-EC235FE0ADFA}] => (Allow) D:\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{80775A2B-1A32-41A3-9FEC-EA4E6AC54A2C}] => (Allow) D:\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{4203BE28-0652-4AE3-A51F-E27B4C749C4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{36176481-8E6A-4692-94D4-21974BB7943D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5642BAD3-B003-46C2-92A9-28CF211B2C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{FD088D5C-2AED-4FA9-B8FB-9757CCD4FF4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{09B8F1BE-9E86-4BED-8300-66BD57EFB8BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B963690B-8EA8-40DB-8526-BB892FF2DE3C}] => (Allow) D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{D28831E9-2F76-4397-9FA9-6B2745CE2FD0}] => (Allow) D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [TCP Query User{D3DEDE93-1A31-4DFD-B544-397B41528A2C}D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E9D4014B-9A47-4C02-B7DE-831374A8483C}D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
    FirewallRules: [{2CF5EAC2-AF60-487F-9B20-9FC0395BF810}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{97AD4ACB-6AB1-4CA9-8DEB-10E80348CE19}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{51EC861F-DD1C-4505-BA38-FFF6B79E3043}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    15-01-2016 11:36:38 manuell
    16-01-2016 16:09:14 Återställningsåtgärd
    17-01-2016 08:52:21 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/16/2016 05:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1544) SRUJet: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\SRU\SRU00009.log öppnades.

    Error: (01/16/2016 04:31:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programmet FRST64.exe, version 3.3.14.2, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas I problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

    Process-ID: 13a8

    Starttid: 01d15071d914577c

    Avslutningstid: 4294967295

    Programsökväg: C:\Users\Khoa Do\Desktop\FRST64.exe

    Rapport-ID: 436334b4-bc66-11e5-827c-fcaa1424c0cf

    Fullständigt namn på felaktigt paket:

    Program-ID relativt till felaktigt paket:

    Error: (01/16/2016 04:11:11 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Ett ospecificerat fel uppstod under systemåterställningen: (manuell). Ytterligare information: 0xc0000022.

    Error: (01/15/2016 10:52:30 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1620) SRUJet: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\SRU\SRU0045C.log öppnades.

    Error: (01/15/2016 10:11:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (01/15/2016 10:05:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
    Description: Tjänsten Cryptographic Services kunde inte initiera katalogdatabasen. ESENT-felet var: -528.

    Error: (01/15/2016 10:05:20 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: Catalog Database (1280) Catalog Database: Felet -1811 (0xfffff8ed) inträffade när loggfilen C:\WINDOWS\system32\CatRoot2\edb0005E.log öppnades.

    Error: (01/15/2016 10:04:21 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Ett ospecificerat fel uppstod under systemåterställningen: (Windows Update). Ytterligare information: 0xc0000022.

    Error: (01/14/2016 01:22:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programmet CCleaner64.exe, version 5.8.0.5308, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas I problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

    Process-ID: 19e4

    Starttid: 01d14ec5b2812d06

    Avslutningstid: 2

    Programsökväg: C:\Program Files\CCleaner\CCleaner64.exe

    Rapport-ID: 749b54ba-bab9-11e5-8276-fcaa1424c0cf

    Fullständigt namn på felaktigt paket:

    Program-ID relativt till felaktigt paket:

    Error: (12/29/2015 05:11:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: Volymen System optimerades inte eftersom ett fel påträffades: Felaktig parameter. (0x80070057)


    System errors:
    =============
    Error: (01/17/2016 08:52:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten NVIDIA Display Driver Service avslutades oväntat. Detta har skett 1 gånger.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten iPod Service avslutades oväntat. Detta har skett 1 gånger.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Tjänsten Windows Search avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Tjänsten Windows Presentation Foundation Font Cache 3.0.0.0 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 0 millisekunder: Starta om tjänsten.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten NVIDIA Streamer Service avslutades oväntat. Detta har skett 1 gånger.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten NVIDIA Network Service avslutades oväntat. Detta har skett 1 gånger.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten NVIDIA GeForce Experience Service avslutades oväntat. Detta har skett 1 gånger.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten Bonjour-tjänst avslutades oväntat. Detta har skett 1 gånger.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Tjänsten Apple Mobile Device avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 60000 millisekunder: Starta om tjänsten.

    Error: (01/17/2016 08:46:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Tjänsten Print Spooler avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 5000 millisekunder: Starta om tjänsten.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 11%
    Total physical RAM: 16241.78 MB
    Available physical RAM: 14312.03 MB
    Total Virtual: 18673.78 MB
    Available Virtual: 16680.35 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:215.41 GB) (Free:136.79 GB) NTFS
    Drive d: () (Fixed) (Total:1863.01 GB) (Free:1696.63 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: BE780B24)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=215.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=7.8 GB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1B475987)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Those are clean.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. Lono12

    Lono12 Topic Starter

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (47.0.2526.106)
    Google Chrome (47.0.2526.111)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast ng vbox\AvastVBoxSVC.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  19. Lono12

    Lono12 Topic Starter

    Farbar Service Scanner Version: 03-01-2016
    Ran by Khoa Do (administrator) on 19-01-2016 at 10:41:58
    Running from "C:\Users\Khoa Do\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  20. Lono12

    Lono12 Topic Starter

    Sophos said it was clean so it didn't create a log or anything, think reinstalling windows is the way to go then?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Why would you want to reinstall Windows?
    Still problems?
     
  22. Lono12

    Lono12 Topic Starter

    I thought that reinstalling windows might be one of the way to fix the issue if it dosen't get solved and I have already backed up the files that I need.
    But to be honest I haven't heard the choppy usb sound in the last 2 days now but it could be that I haven't used the computer as much lately and I suspect that it isn't gone yet.
     
    Last edited by a moderator: Jan 20, 2016
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  24. Lono12

    Lono12 Topic Starter

    Thank you for taking your time to help me, to be honest im still a bit skeptical about the problem but I haven't heard the usb sound since the ''last scan'' so I think its okay now.
    But I would like to know if something got changed, deleted or fixed during the process of scanning? it seems for me that there were nothing wrong with in the log that I copy and pasted.
    Last question, what happens if it appear again, do I start a new thread in the forum for more help or do I continue from this one? (me being a bit paranoid of usb sound will come back)

    Once again thank you for helping me, I really appreciate it
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    MBAM removed some stuff but There is no way I can pinpoint actual culprit.
    All I can say is that your computer is clean.

    If something new happens you can always post back here.

    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...