Inactive Antivirus can't delete a certain threat it detects

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by User (administrator) on YASMINEEISSA (20-04-2017 18:55:33)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.5\Lightshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7638232 2014-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2919168 2011-10-24] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1861632 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}] => "C:\Users\User\Downloads\LeagueofLegends_EUNE_Installer_2016_11_10.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}"
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [BitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1982152 2017-03-19] (BitTorrent Inc.)
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [YdjlPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Ahgnworks\lfdrestk.dll <===== ATTENTION
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: H - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {103698e4-f684-11e6-9a36-38b1db014f18} - J:\LaunchU3.exe -a
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {6a295423-dca7-11e4-950e-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {73a69a7c-dc9d-11e4-b6b1-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {80353946-fe4e-11e5-8525-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8EABEE9E-E59C-41DC-981E-060F01CD4241}: [DhcpNameServer] 31.3.244.140 31.3.244.135
Tcpip\..\Interfaces\{C35CEF1B-ACDE-4149-AE7F-25CD9378F774}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CBA2B8CA-D7D4-4916-8BC5-0DF41581E01B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{E7A2171E-50EE-4274-86D8-38F4DDABDA00}: [DhcpNameServer] 192.168.9.1 192.168.9.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default [2017-04-20]
FF Extension: (Avira Browser Safety) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\Extensions\abs@avira.com.xpi [2017-04-05]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\features\{487674e3-342e-48b9-8fbf-744d67d3d592}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\features\{487674e3-342e-48b9-8fbf-744d67d3d592}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-08-11] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.linkzb.com"
CHR NewTab: Default -> Active:"chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-16]
CHR Extension: (Facebook Smilies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkldoljdjdpmoladccmlamcelippnil [2015-09-01]
CHR Extension: (Web Navigation) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2015-02-15] [UpdateUrl: hxxp://www.linkszb.com/addon/chrome/update.xml] <==== ATTENTION
CHR Extension: (iLivid) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-12-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-10-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [814264 2011-10-24] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-13] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [800536 2013-11-25] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-03-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-03-25] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171152 2011-10-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2011-10-24] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2011-10-24] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3450584 2014-05-22] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 18:55 - 2017-04-20 18:58 - 00019377 _____ C:\Users\User\Downloads\FRST.txt
2017-04-20 18:54 - 2017-04-20 18:55 - 00000000 ____D C:\FRST
2017-04-20 18:54 - 2017-04-20 18:54 - 02424832 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-04-19 13:27 - 2017-04-19 13:55 - 00038741 _____ C:\Users\User\Desktop\moh.elmougy expence.xlsx
2017-04-18 23:18 - 2017-04-18 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-04-17 21:09 - 2017-04-20 00:23 - 00000000 ____D C:\Users\User\AppData\Local\Ahgnworks
2017-04-17 01:03 - 2017-04-17 01:03 - 00129456 _____ C:\Users\User\Desktop\My_CV.pdf
2017-04-16 21:35 - 2017-04-16 21:35 - 00000000 ____D C:\Users\User\Documents\Paradox Interactive
2017-04-16 21:35 - 2017-04-16 21:35 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-04-16 21:07 - 2017-04-17 21:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Crusader.Kings.II.v2.7.Incl.Monks.and.Mystics.DLC
2017-04-16 01:52 - 2017-04-16 01:52 - 00000000 ____D C:\Users\User\Documents\Darkest
2017-04-14 22:59 - 2017-04-14 22:59 - 01814595 _____ C:\Users\User\Desktop\PM list total egypt.xlsx
2017-04-14 22:41 - 2017-04-14 22:41 - 00785267 _____ C:\Users\User\Desktop\Mogy List.xlsx
2017-04-14 20:52 - 2017-04-19 00:49 - 00000000 ____D C:\Users\User\AppData\Local\DungeonSouls
2017-04-14 19:16 - 2017-04-14 19:16 - 01809419 _____ C:\Users\User\Desktop\M.Elmougy Mater list.xlsx
2017-04-14 10:56 - 2017-04-14 11:16 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband Savegames
2017-04-14 10:53 - 2017-04-14 11:02 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband
2017-04-14 10:53 - 2017-04-14 10:53 - 00000000 ____D C:\ProgramData\SkidRow
2017-04-14 10:48 - 2017-04-14 10:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Mount&Blade Warband
2017-04-14 10:47 - 2017-04-14 10:47 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2017-04-13 09:38 - 2017-04-13 09:38 - 00017753 _____ C:\Users\User\Desktop\Copy of مؤتمر الازهر.xlsx
2017-04-13 02:06 - 2017-04-14 01:30 - 00000000 ____D C:\World of Warcraft
2017-04-09 11:29 - 2017-04-09 11:29 - 00011268 _____ C:\Users\User\Desktop\Copy of Cairo.xlsx
2017-04-08 17:12 - 2017-04-08 17:20 - 93413688 _____ C:\Users\User\Downloads\simtentacles.7z
2017-04-07 10:28 - 2017-04-07 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-04-05 12:22 - 2017-04-05 12:22 - 01767772 _____ C:\Users\User\Desktop\Diabetes.pptx intro..pptx
2017-04-01 17:22 - 2017-04-02 16:17 - 00000000 ____D C:\Users\User\Documents\StarCraft II
2017-04-01 13:41 - 2017-04-06 20:05 - 00000000 ____D C:\Users\User\AppData\Local\Warframe
2017-03-29 20:47 - 2017-03-29 20:47 - 00002274 _____ C:\Users\User\Downloads\SexLabRomance_IgnoreGender.7z
2017-03-29 16:31 - 2017-04-20 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-26 23:08 - 2017-03-26 23:08 - 00000000 ____D C:\Users\User\AppData\Local\LOOT
2017-03-26 22:59 - 2017-03-26 22:59 - 00000000 ____D C:\Users\User\AppData\Local\Nexus
2017-03-26 22:45 - 2017-04-20 02:41 - 00000000 ____D C:\Users\User\Desktop\games
2017-03-26 22:44 - 2017-03-26 22:44 - 00362812 _____ C:\Users\User\Downloads\skse_1_07_03_installer.exe
2017-03-26 22:35 - 2017-03-26 22:35 - 00000000 ____D C:\Users\User\AppData\Local\Skyrim
2017-03-26 22:34 - 2017-03-26 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2017-03-25 15:49 - 2017-03-25 15:49 - 00000000 ____D C:\Users\User\AppData\Local\Disc_Soft_Ltd
2017-03-25 13:40 - 2017-03-25 13:40 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-03-25 04:33 - 2017-03-25 04:33 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-03-25 04:30 - 2017-03-26 22:22 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2017-03-25 04:30 - 2017-03-25 04:30 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-03-25 04:30 - 2017-03-25 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-03-25 04:29 - 2017-03-25 04:33 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-03-25 04:29 - 2017-03-25 04:29 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-03-25 04:06 - 2017-03-25 04:08 - 00694744 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller.exe
2017-03-24 20:48 - 2017-03-24 20:48 - 01124791 _____ C:\Users\User\Downloads\cp_orange_x3.rar
2017-03-22 19:11 - 2017-03-22 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 18:49 - 2017-02-02 15:26 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-04-20 18:48 - 2017-02-18 15:02 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2017-04-20 18:48 - 2017-02-18 15:02 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000.job
2017-04-20 18:48 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-20 18:48 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-18 23:22 - 2017-03-09 20:52 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2017-04-18 23:19 - 2017-02-18 15:02 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000
2017-04-18 23:19 - 2017-02-18 15:02 - 00000424 _____ C:\Users\User\AppData\Local\UserProducts.xml
2017-04-18 23:16 - 2013-03-22 10:00 - 00000817 _____ C:\Windows\SysWOW64\bscs.ini
2017-04-18 23:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-17 23:50 - 2017-03-11 21:55 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-04-17 20:51 - 2017-02-18 15:02 - 00003282 _____ C:\Windows\System32\Tasks\update-sys
2017-04-16 01:21 - 2017-03-18 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-04-16 01:21 - 2017-03-18 09:01 - 00000000 ____D C:\GOG Games
2017-04-16 01:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-16 01:19 - 2015-04-15 00:33 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-04-16 01:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-15 21:49 - 2009-07-14 07:13 - 00786474 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 21:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-14 10:11 - 2015-06-30 02:15 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 11:33 - 2016-11-23 11:20 - 00003274 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 11:33 - 2016-11-23 11:20 - 00003146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 19:59 - 2017-03-05 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-04-09 19:09 - 2015-05-06 07:17 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-04-09 11:43 - 2017-02-23 12:22 - 00019314 _____ C:\Users\User\Desktop\Q1 target.xlsx
2017-04-05 23:52 - 2016-11-23 11:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 23:52 - 2016-11-23 11:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 16:17 - 2017-03-11 21:55 - 00000000 ____D C:\Users\User\AppData\Local\Blizzard Entertainment
2017-04-02 16:16 - 2017-03-11 21:58 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-04-01 23:20 - 2014-12-19 22:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-01 23:17 - 2014-12-19 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-26 22:34 - 2017-03-18 08:48 - 00000000 ____D C:\Users\User\Documents\My Games
2017-03-24 15:49 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-22 19:11 - 2014-12-19 22:49 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2011-10-26 19:14 - 2011-10-26 19:14 - 0001042 _____ () C:\Users\User\AppData\Roaming\coreavc.ini
2017-02-18 15:02 - 2017-02-18 15:02 - 0000003 _____ () C:\Users\User\AppData\Local\updater.log
2017-02-18 15:02 - 2017-04-18 23:19 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2014-12-19 22:35 - 2014-12-19 22:49 - 0000000 ____D () C:\Users\User\AppData\Local\Temp\avgnt.exe
2017-04-17 08:46 - 2017-04-17 08:46 - 0065536 _____ () C:\Users\User\AppData\Local\Temp\truck.dll
2017-03-09 17:04 - 2017-02-18 16:54 - 0106866 _____ () C:\Users\User\AppData\Local\Temp\Uninstall.exe
2017-04-17 21:08 - 2017-04-17 21:08 - 0000000 _____ () C:\Users\User\AppData\Local\Temp\yutmntti.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-14 02:54

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by User (20-04-2017 18:59:54)
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-19 17:31:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4281429499-1691222031-488837525-500 - Administrator - Disabled)
Guest (S-1-5-21-4281429499-1691222031-488837525-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4281429499-1691222031-488837525-1002 - Limited - Enabled)
User (S-1-5-21-4281429499-1691222031-488837525-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Age of Wonders III - Dragon's Throne Scenario (HKLM-x32\...\1207660883_is1) (Version: 2.7.0.22 - GOG.com)
Age of Wonders III - Eternal Lords (HKLM-x32\...\1428937263_is1) (Version: 2.7.0.22 - GOG.com)
Age of Wonders III - Golden Realms (HKLM-x32\...\1207665893_is1) (Version: 2.7.0.22 - GOG.com)
Age of Wonders III (HKLM-x32\...\1207660893_is1) (Version: 2.7.0.22 - GOG.com)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version: - Ninja Kiwi)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.9.0.13 - GOG.com)
Desktop Dungeons - Goatperson (HKLM-x32\...\Desktop Dungeons - Goatperson_is1) (Version: 2.4.0.6 - GOG.com)
Desktop Dungeons (HKLM-x32\...\1207664703_is1) (Version: 2.5.0.7 - GOG.com)
Discord (HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dungeon Defenders II (HKLM\...\Steam App 236110) (Version: - Trendy Entertainment)
ESET NOD32 Antivirus (HKLM\...\{9CEC1801-DB68-48CE-B74F-5733BBD3F729}) (Version: 4.2.76.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc‎.‎)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Guild Quest (HKLM\...\Steam App 547680) (Version: - Hyper Hippo Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KMSpico v9.1.0.20131125 (Beta) (HKLM\...\KMSpico_is1) (Version: 9.1.0.20131125 - )
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Lightshot-5.4.0.5 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.5 - Skillbrains)
Magic Duels (HKLM\...\Steam App 316010) (Version: - Stainless Games Ltd.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Real Alternative 2.0.2 Lite (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shadowverse (HKLM\...\Steam App 453480) (Version: - Cygames, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.13 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.5.2f1 - Unity Technologies ApS)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.403.44552 - Vodafone)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4281429499-1691222031-488837525-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F3C09D-8174-4B8D-9301-834D45352587} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-23] (Google Inc.)
Task: {06F74F6E-ED38-4CA0-B64E-D1D927A5965D} - System32\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {30A1ED17-AEC1-4212-8581-E37E6734DB44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-23] (Google Inc.)
Task: {32598CA2-22E0-4F21-A011-510A37680D45} - System32\Tasks\{8ABDCD53-F68A-4B7F-A3B9-78936B2E339D} => pcalua.exe -a C:\Users\User\Downloads\jre-8u121-windows-i586-iftw.exe -d C:\Users\User\Downloads
Task: {52E9CB93-F08E-40C9-B855-872C9D112774} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {86652F92-42A5-45EB-B88E-56336E42F405} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {90E34B15-4393-4706-8C00-FC62D4D3E6C9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-25] ()
Task: {9DC7B404-20CA-4C23-8313-205323E30844} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {A5475081-DA2C-47CC-A952-6738DF5FEA10} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {A6EF6CF1-0CE1-4CAB-9933-969E03D38214} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {C8895089-387A-4425-AE69-AE746DE8E5B5} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2013-01-10 11:25 - 2013-01-10 11:25 - 00364544 _____ () C:\Windows\system32\BsExtendFunc.dll
2017-04-18 02:28 - 2017-04-18 02:28 - 01332736 ____N () C:\Users\User\AppData\Local\Ahgnworks\lfdrestk.dll
2013-01-31 17:04 - 2013-01-31 17:04 - 00080120 _____ () C:\Windows\system32\BsProfilefunc.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-08-11 10:20 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4281429499-1691222031-488837525-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Software Informer => "C:\Program Files\Software Informer\softinfo.exe" -autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F691B119-4A34-4E54-8882-84D4A66EB72B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F808A248-ABA9-45C4-ABEF-093CB33929B6}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{33265B60-A8DC-4406-98A8-E66995E2130E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4D84DF1-91BA-45E2-8232-AF298B3B9354}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E1FC7AB8-BB05-49C1-A42E-4EEB0ECB56E3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8F2626C0-7A8A-4F42-A3B5-A7CABCAD9D16}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FC9B358A-A486-4671-8390-98AA363DA8C5}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{DC03ED86-BDE6-42E1-8419-038A2FB28A95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CBFB0D3F-B373-4AB8-8635-3B28B919A0BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B381F695-839D-43CB-983D-71DE8E86D5B4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1A6BC54F-8764-40BF-A2B5-7D54F9BD7F55}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F72B2DD1-5570-4FD7-B0D9-168012FEFC64}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{94876612-276D-408B-8F89-5EC4015CEF94}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A03DAA20-F958-4871-820E-5341E36C61DF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{793FE23A-CE74-4602-B7EF-2E42B0E753B2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A09B0008-7FAB-45CE-98D9-ACBFECF8F9C1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4B29F875-EA42-420A-B96E-74D7319C1FEF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{593248F9-AF6F-497F-8AF5-70502572A700}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{76297F3E-D85B-4B38-B08D-096AAAEA500E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C6079EB1-B859-4028-B218-FA7542136B16}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5F5B7524-88A7-4A55-BC80-AEF4F2F27818}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{05D7B901-E034-49E0-AD12-0E4A2A0B4ABF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{33423F67-6A27-4C98-96C4-EFE15298728D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BF50B711-B888-4B02-BF87-7C40B91B1717}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{45203C8B-D59F-4F14-8298-B5A5B5E79394}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FF331B8-B5A1-4AB7-845D-BDD1400F0C28}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{123C1222-2194-4490-B82D-261A2E544227}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8D7BA6B5-5537-47BC-AFC3-5187C9828F4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0B808390-4FCC-4ED0-BC83-80262AC29C9F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C5E2EA90-6F4F-4057-A190-07D8446EC7A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F3F17E0C-E79B-4FCB-9DD0-6E9563908C6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{DC3F9BE9-7952-4E6B-88FF-7474F37D95C6}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{2A0961FC-92A8-4010-972D-96DC9727424F}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{FFDEFBFB-099B-4F6C-BA82-6AFEE974022D}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{41095EAD-29A9-4D13-849A-187753D33DF2}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{58D1FF7D-3D5B-4837-8E4C-595FFAD24656}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7C7DF938-0501-4BF4-B023-235EB1A712D8}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7DF8703B-5967-4F04-9CB3-87CA8030000D}] => (Allow) E:\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{7BC9C2BB-8B77-4FF9-B3A9-7EEF3101A718}] => (Allow) E:\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [TCP Query User{BF19432A-E89F-4E52-BCCD-88EA03B1B5D2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BB2506C5-5D5C-41A1-9E1D-F138F6943287}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F2710C1A-A75D-43D3-B5E8-F2C9F2F717D9}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7E50A6AC-DE49-434C-BC36-E090CCA1B879}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{787E0A11-C0FF-4CF9-82D8-5251D306246C}] => (Allow) E:\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{3A2AFB4F-799A-46D2-9CAE-377D4D700600}] => (Allow) E:\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{B3B78B68-86B9-4439-B158-5DAE8811D6ED}] => (Allow) E:\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{53E5BFBC-9057-4AFB-8136-E7EC0EE683D2}] => (Allow) E:\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{C5749028-F3F4-49DA-A153-0D433B4A5AF2}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{512F232C-5356-4A12-8422-D90BE0780D49}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FAEC7D72-E5A5-473C-9893-EBDBE4E5BB2B}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F0350266-6143-4ECC-8789-1C7491791197}] => (Allow) E:\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{0059E980-C54B-4ED1-B0E5-2EFA91B7AE9E}] => (Allow) E:\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [TCP Query User{CC57AE4B-FD8C-447E-80DD-86D443FA2B8C}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{DD03B558-9285-41A7-B846-FAC68882C4DB}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{9B43690B-07FC-407B-9062-F09A9A0C5E9B}] => (Allow) C:\GOG Games\Age of Wonders III\AoW3.exe
FirewallRules: [{3E392114-BB52-4B84-BC50-C3ADDA7B6726}] => (Allow) C:\GOG Games\Age of Wonders III\AoW3_Debug.exe
FirewallRules: [{CE187817-F5C8-41BC-8E73-73148428215A}] => (Allow) C:\GOG Games\Age of Wonders III\AoW3Launcher.exe
FirewallRules: [{E2A35558-6AD7-415C-95C9-30E0D5CC2F56}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{851BA1AB-BB36-4471-B98C-A183096B1E72}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79F2CC57-1C86-42D2-B11A-EAE539044AC9}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{60641DED-9704-4F73-A029-6B4296E37B0E}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{DF046C60-E6BB-4C65-A0D5-F065965A3BCD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B692A765-FA71-4300-A933-AFF4DB5C79E5}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{495398C4-62A9-4C40-A8AF-5BE567A947B1}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{213F1C18-A077-4957-B8B3-5F3705C7C01E}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1D77D151-5FCA-4CBD-99E6-AA62F0713199}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AEEF93D3-B2E0-4547-9BE5-B7975A3F7713}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1F971CE-F522-44AE-8592-DA4C2D76483E}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B240B580-C2D7-4208-8E51-B2CEEE492B7B}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8CA9C6D0-A2F2-40A4-B5B9-9C65B52C020E}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{DCAA2F87-61AB-49C6-99C2-D9DCEC25C503}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0DB57CE9-F8B4-41FE-B1E6-47EA0EF29A77}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{17B79E8A-491A-44A8-8DAB-18470BEB14B1}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{418F38AC-7B35-4B52-8590-3D7380EA6054}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EC55D7DE-08D1-4BBA-85D8-6D9A0FFCF7A4}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{3CACFB8E-64C4-4532-956D-27E96AC572B2}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{51700696-092D-4707-9439-48440B4E0B51}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{07639251-7EEA-4A98-9E77-615F03085A81}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{4EE87D6F-BF1F-4855-9786-2A6DF4A62BF5}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{12116F00-CCE0-4259-BC4C-9BA91E5BE9C2}] => (Allow) E:\Battle.net\StarCraft II\Versions\Base51702\SC2_x64.exe
FirewallRules: [{C76CC27A-894C-4D9E-833B-88F63D7591F6}] => (Allow) E:\Battle.net\StarCraft II\Versions\Base51702\SC2_x64.exe
FirewallRules: [{E9D46171-40AD-48AE-90B5-8F88CAA892F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E9F4C3E4-0104-4310-80C7-EA8FBB8D8578}] => (Allow) E:\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{7E51E67C-7813-448A-850B-187CABB8AF65}] => (Allow) E:\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{A830A525-9C34-43AB-8CD2-9C96ECB36ED2}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA7E61CE-2C15-4C48-8DE7-B79FAC0E7CA0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42BD46D4-5FBE-493A-A00B-64B1D58C2879}] => (Allow) LPort=1688
FirewallRules: [{41218A16-2A1E-41F1-8302-C2FDC348FFA7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{588EE7C6-0E89-406F-A629-4188970B3534}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9B6A617B-862D-4ED9-B67B-BF33F71AE6A4}] => (Allow) LPort=1688

==================== Restore Points =========================

25-03-2017 04:32:37 Device Driver Package Install: Disc Soft Ltd Storage controllers
25-03-2017 04:35:07 Device Driver Package Install: Disc Soft Ltd Universal Serial Bus controllers
01-04-2017 05:50:15 Scheduled Checkpoint
01-04-2017 13:43:03 Installed DirectX
09-04-2017 00:00:03 Scheduled Checkpoint
16-04-2017 02:24:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2017 11:26:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LeagueClient.exe version 7.7.182.8194 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b28

Start Time: 01d2b953554561ba

Termination Time: 0

Application Path: E:\LoL\RADS\projects\league_client\releases\0.0.0.63\deploy\LeagueClient.exe

Report Id: cdd738a3-2546-11e7-b7b1-38b1db014f18

Error: (04/18/2017 11:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/18/2017 11:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5293c797
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe998306a8
Faulting process id: 0x71c
Faulting application start time: 0x01d2b88913dc99ac
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: 6d0935ea-247c-11e7-b7b1-38b1db014f18

Error: (04/18/2017 12:21:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/18/2017 12:20:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5293c797
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe98b906a8
Faulting process id: 0x5f8
Faulting application start time: 0x01d2b82d5cf125d7
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: b1a8b47a-2420-11e7-a51b-38b1db014f18

Error: (04/18/2017 10:40:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/18/2017 10:38:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5293c797
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe984f06a8
Faulting process id: 0x24c
Faulting application start time: 0x01d2b81f2397c8a3
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: 7702c242-2412-11e7-84ee-38b1db014f18

Error: (04/17/2017 02:28:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/17/2017 02:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5293c797
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe989606a8
Faulting process id: 0xbc
Faulting application start time: 0x01d2b775e02b7cc3
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: 30410118-2369-11e7-8754-38b1db014f18

Error: (04/16/2017 05:08:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/20/2017 06:47:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VaultSvc service.

Error: (04/19/2017 01:14:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service.

Error: (04/18/2017 11:18:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (04/18/2017 11:16:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/18/2017 12:20:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (04/18/2017 12:20:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/18/2017 11:04:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/18/2017 10:39:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (04/18/2017 10:38:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/17/2017 02:27:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 69%
Total physical RAM: 4032.3 MB
Available physical RAM: 1249.03 MB
Total Virtual: 8062.78 MB
Available Virtual: 5032.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.92 GB) (Free:98.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:138.9 GB) (Free:23.03 GB) NTFS
Drive f: () (Fixed) (Total:138.93 GB) (Free:138.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B7313F68)
Partition 1: (Active) - (Size=187.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=277.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 