Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Oraa Main (administrator) on ORAAMAIN-PC (20-07-2017 20:45:22)
Running from C:\Users\Oraa Main\Downloads
Loaded Profiles: Oraa Main & UpdatusUser (Available Profiles: Oraa Main & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Oraa Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-20] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\Run: [Spotify Web Helper] => C:\Users\Oraa Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-07-02] (Spotify Ltd)
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {34d787e1-e283-11e6-ab79-b8975a186060} - G:\autorun.exe
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {34d787e4-e283-11e6-ab79-b8975a186060} - H:\noautorun.exe
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {525fad60-d54d-11e5-b94e-806e6f6e6963} - F:\CheckID.exe
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {8574603c-69aa-11e6-91ad-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 02 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 03 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 04 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 05 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 06 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 07 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{49A0BF80-93D8-48DD-9B12-B23136C35A1D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{49A0BF80-93D8-48DD-9B12-B23136C35A1D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{840B53B5-C425-4DDA-B8B8-1FE647B8F542}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{95DED50E-4D75-4C9B-9D5E-18BB92ACA6C1}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-11] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1911061356-2502327290-2235871531-1000: SkypePlugin -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1911061356-2502327290-2235871531-1000: SkypePlugin64 -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1911061356-2502327290-2235871531-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-20] (Ubisoft)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWux37qvI8e-Un6jIjTHpWM1b137Tu_NpZOOD4b5D3sO7wYHW9t_MWPXphvIadgGnsCoPtlF3wCiUZlDAMBKIe2EeU-8BfcUgitgjFcLqDd4o1HfV5qFbhbFblmYDko8nO3OYR1iv11OBhLAP1ENS2rFsNqQ,,
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Slides) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (Skype Calling) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-11-09]
CHR Extension: (YouTube) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-20]
CHR Extension: (Avast Online Security) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-06-14]
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-19]
CHR Extension: (Google Docs) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-19]
CHR Extension: (Google Drive) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-19]
CHR Extension: (YouTube) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-19]
CHR Extension: (Google Search) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-19]
CHR Extension: (The Godfather: Five Families) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2016-02-19]
CHR Extension: (Google Sheets) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-06]
CHR Extension: (AdBlock) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-06]
CHR Extension: (Avast Online Security) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-06]
CHR Extension: (Pixlr Express) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2016-02-19]
CHR Extension: (SparkChess) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2017-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-06]
CHR Extension: (Marc Ecko) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-02-19]
CHR Extension: (Gmail) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-19]
CHR Extension: (Chrome Media Router) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-06]
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\System Profile [2016-06-14]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.UX7SOILC5ZT7HX43B77YMG6XMQ - D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-20] (AVAST Software s.r.o.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-20] (AVAST Software)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3758336 2015-11-29] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 GarenaPlatform; "G:\Program Files (x86)\Garena\Garena\2.0.1706.1617\gxxsvc.exe" run [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-11] (AVAST Software)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-17] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWOW64\drivers\BS_I2cIo.sys [17024 2008-06-17] (BIOSTAR Group) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-01-25] (Disc Soft Ltd)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-18] ()
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 SDGame; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-20 20:45 - 2017-07-20 20:45 - 00024164 _____ C:\Users\Oraa Main\Downloads\FRST.txt
2017-07-20 20:45 - 2017-07-20 20:45 - 00000000 ____D C:\FRST
2017-07-20 20:44 - 2017-07-20 20:44 - 02382336 _____ (Farbar) C:\Users\Oraa Main\Downloads\FRST64.exe
2017-07-20 20:36 - 2017-07-20 20:40 - 00399678 _____ C:\TDSSKiller.3.1.0.15_20.07.2017_20.36.38_log.txt
2017-07-20 20:36 - 2017-07-20 20:36 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-20 20:34 - 2017-07-20 20:35 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Oraa Main\Downloads\tdsskiller.exe
2017-07-20 20:11 - 2017-07-20 20:14 - 00153228 _____ C:\Windows\ntbtlog.txt
2017-07-20 19:42 - 2017-07-20 19:42 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-20 19:35 - 2017-07-20 19:35 - 00000000 ____D C:\Users\Oraa Main\AppData\LocalLow\uTorrent
2017-07-20 19:20 - 2017-07-20 19:20 - 14031892 _____ C:\Users\Oraa Main\Desktop\1.psd
2017-07-16 18:46 - 2017-07-16 18:46 - 01627193 _____ C:\Users\Oraa Main\Downloads\video-1500201040.mp4
2017-07-16 18:15 - 2017-07-16 18:15 - 02994772 _____ C:\Users\Oraa Main\Downloads\video-1500198940.mp4
2017-07-16 18:00 - 2017-07-16 18:00 - 01213260 _____ C:\Users\Oraa Main\Downloads\video-1500199094.mp4
2017-07-16 16:08 - 2017-07-16 16:08 - 00516120 _____ C:\Users\Oraa Main\Downloads\video-1500189960.mp4
2017-07-16 14:14 - 2017-07-16 14:14 - 02883102 _____ C:\Users\Oraa Main\Downloads\20090648_128790224389316_5081138115817504768_n.mp4
2017-07-16 14:13 - 2017-07-16 14:14 - 04084073 _____ C:\Users\Oraa Main\Downloads\20078598_104651650144249_5710071381224325120_n (1).mp4
2017-07-14 20:14 - 2017-07-14 20:14 - 00000000 ____D C:\Users\Oraa Main\Desktop\Ragnarok Online Blacksmith Complete Guide _ GuideScroll_files
2017-07-14 20:13 - 2017-07-14 20:14 - 00074062 _____ C:\Users\Oraa Main\Desktop\Ragnarok Online Blacksmith Complete Guide _ GuideScroll.html
2017-07-06 18:51 - 2017-07-06 18:52 - 00000018 _____ C:\Users\Oraa Main\Desktop\Ragna PW.txt
2017-07-03 21:05 - 2017-07-03 21:05 - 03240718 _____ C:\Users\Oraa Main\Downloads\video-1499086801.mp4
2017-06-29 17:27 - 2017-06-29 17:27 - 00000000 ____D C:\Program Files (x86)\Gravity
2017-06-29 17:13 - 2017-06-29 17:13 - 00275284 _____ C:\Users\Oraa Main\Downloads\control_panel_for_mirai_v1_2_(en_de_it)_R3.zip
2017-06-29 17:13 - 2017-06-29 17:13 - 00035934 _____ C:\Users\Oraa Main\Downloads\mirai_v1_2_2.zip
2017-06-23 15:41 - 2017-06-23 15:41 - 00001290 _____ C:\Users\Oraa Main\Desktop\Setup - Shortcut.lnk
2017-06-23 15:32 - 2017-06-23 15:32 - 00000663 _____ C:\Users\Public\Desktop\RagnarokOnline.lnk
2017-06-23 15:32 - 2017-06-23 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gravity
2017-06-23 12:34 - 2017-06-23 12:38 - 58097315 _____ C:\Users\Oraa Main\Downloads\Z ft. Fetty Wap - Nobodys Better (Muffin Remix).flac
2017-06-23 03:10 - 2017-06-23 04:01 - 00001908 _____ C:\Windows\diagwrn.xml
2017-06-23 03:10 - 2017-06-23 04:01 - 00001908 _____ C:\Windows\diagerr.xml
2017-06-23 02:09 - 2017-06-23 02:09 - 00016050 _____ C:\Users\Oraa Main\Downloads\RO_Extreme_20170614_PH.exe.torrent
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-20 20:37 - 2017-03-15 21:49 - 00000284 _____ C:\Windows\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job
2017-07-20 20:34 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-20 20:34 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-20 20:27 - 2016-02-17 17:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-20 20:27 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 20:23 - 2017-03-18 19:46 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-20 19:49 - 2016-09-13 22:49 - 00000986 _____ C:\Windows\Tasks\Yahoo! Powered ranal.job
2017-07-20 19:43 - 2016-03-25 08:52 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458867159
2017-07-20 19:43 - 2016-02-19 02:08 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-20 19:43 - 2016-02-17 07:15 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\uTorrent
2017-07-20 19:42 - 2017-03-18 19:46 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-20 19:42 - 2017-03-18 19:46 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-20 19:42 - 2017-03-18 19:46 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-20 19:42 - 2017-03-18 19:46 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-20 19:42 - 2016-02-19 02:08 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150055098671303
2017-07-20 17:49 - 2016-09-13 22:49 - 00000000 ____D C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}
2017-07-19 06:21 - 2017-04-27 02:20 - 00000000 ____D C:\Users\Oraa Main\Desktop\Aeon
2017-07-18 17:55 - 2016-02-17 17:06 - 00000000 ____D C:\Users\UpdatusUser
2017-07-16 16:26 - 2016-07-19 00:34 - 00066728 _____ C:\Users\Oraa Main\Documents\starburn.txt
2017-07-13 22:00 - 2016-11-04 14:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 14:52 - 2016-02-19 02:08 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149975595783106
2017-07-11 14:52 - 2016-02-19 02:08 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-11 14:51 - 2016-03-25 08:52 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-11 14:51 - 2016-02-19 02:08 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-04 17:56 - 2016-06-29 03:44 - 00000000 ____D C:\Users\Oraa Main\AppData\Local\Spotify
2017-07-04 17:55 - 2016-07-18 17:06 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\Spotify
2017-07-04 00:41 - 2016-08-28 16:05 - 00000000 ____D C:\Users\Oraa Main\Desktop\AUTOCAD
2017-07-01 01:08 - 2009-07-14 13:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-01 00:32 - 2016-11-20 00:07 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 19:25 - 2016-02-23 22:13 - 00000000 ____D C:\Users\Oraa Main\AppData\Local\ElevatedDiagnostics
2017-06-29 22:46 - 2017-02-02 03:08 - 00001883 _____ C:\Users\UpdatusUser\Desktop\Play MyRO!.lnk
2017-06-29 22:46 - 2017-02-02 03:08 - 00001883 _____ C:\Users\Oraa Main\Desktop\Play MyRO!.lnk
2017-06-29 22:42 - 2015-04-18 11:21 - 00000000 ____D C:\Users\Oraa Main\Desktop\UltraRO v3
2017-06-29 17:14 - 2017-04-29 08:59 - 00000000 ____D C:\Users\Oraa Main\Desktop\Games
2017-06-29 04:25 - 2016-02-19 01:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 13:47 - 2017-05-15 00:43 - 00135168 ___SH C:\Users\Oraa Main\Thumbs.db
2017-06-23 15:32 - 2016-02-17 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-23 12:41 - 2016-03-08 16:13 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\vlc
2017-06-21 18:05 - 2016-02-17 17:34 - 00001200 _____ C:\Users\Oraa Main\Desktop\Steam - Shortcut.lnk
==================== Files in the root of some directories =======
2017-02-28 17:23 - 2017-02-28 17:25 - 0000132 _____ () C:\Users\Oraa Main\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-04-02 22:00 - 2017-04-28 15:06 - 0000132 _____ () C:\Users\Oraa Main\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-03 12:42 - 2016-04-03 12:42 - 0000046 _____ () C:\Users\Oraa Main\AppData\Roaming\Camdata.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0000408 _____ () C:\Users\Oraa Main\AppData\Roaming\CamLayout.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0000408 _____ () C:\Users\Oraa Main\AppData\Roaming\CamShapes.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0004510 _____ () C:\Users\Oraa Main\AppData\Roaming\CamStudio.cfg
2016-11-18 17:03 - 2017-01-13 00:37 - 0000392 _____ () C:\Users\Oraa Main\AppData\Roaming\WB.CFG
2016-04-03 07:53 - 2016-04-03 07:53 - 0000038 ___SH () C:\Users\Oraa Main\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-18 23:40 - 2016-08-15 02:46 - 0006144 _____ () C:\Users\Oraa Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-03 12:18 - 2016-04-03 12:18 - 0004912 _____ () C:\ProgramData\lbogtyso.zat
2016-04-03 12:18 - 2016-04-03 12:18 - 0000016 _____ () C:\ProgramData\mntemp
Files to move or delete:
====================
C:\Windows\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job
Some files in TEMP:
====================
2017-05-30 06:39 - 2017-05-24 14:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-Common.dll
2017-05-30 06:39 - 2017-05-24 14:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-InstallerUtils.dll
2017-05-30 06:39 - 2017-05-24 14:54 - 0187416 _____ (BlueStack Systems) C:\Users\Oraa Main\AppData\Local\Temp\HD-LibraryHandler.dll
2017-05-30 06:39 - 2017-05-24 14:53 - 0246808 _____ (BlueStack Systems) C:\Users\Oraa Main\AppData\Local\Temp\HD-Logger-Native.dll
2017-05-30 06:39 - 2017-05-24 14:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-Uninstaller.exe
2017-03-16 15:33 - 2017-03-16 15:33 - 14456872 _____ (Microsoft Corporation) C:\Users\Oraa Main\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-15 06:02
==================== End of FRST.txt ============================
2017-06-29 22:42 - 2015-04-18 11:21 - 00000000 ____D C:\Users\Oraa Main\Desktop\UltraRO v3
2017-06-29 17:14 - 2017-04-29 08:59 - 00000000 ____D C:\Users\Oraa Main\Desktop\Games
2017-06-29 04:25 - 2016-02-19 01:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 13:47 - 2017-05-15 00:43 - 00135168 ___SH C:\Users\Oraa Main\Thumbs.db
2017-06-23 15:32 - 2016-02-17 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-23 12:41 - 2016-03-08 16:13 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\vlc
2017-06-21 18:05 - 2016-02-17 17:34 - 00001200 _____ C:\Users\Oraa Main\Desktop\Steam - Shortcut.lnk
==================== Files in the root of some directories =======
2017-02-28 17:23 - 2017-02-28 17:25 - 0000132 _____ () C:\Users\Oraa Main\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-04-02 22:00 - 2017-04-28 15:06 - 0000132 _____ () C:\Users\Oraa Main\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-03 12:42 - 2016-04-03 12:42 - 0000046 _____ () C:\Users\Oraa Main\AppData\Roaming\Camdata.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0000408 _____ () C:\Users\Oraa Main\AppData\Roaming\CamLayout.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0000408 _____ () C:\Users\Oraa Main\AppData\Roaming\CamShapes.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0004510 _____ () C:\Users\Oraa Main\AppData\Roaming\CamStudio.cfg
2016-11-18 17:03 - 2017-01-13 00:37 - 0000392 _____ () C:\Users\Oraa Main\AppData\Roaming\WB.CFG
2016-04-03 07:53 - 2016-04-03 07:53 - 0000038 ___SH () C:\Users\Oraa Main\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-18 23:40 - 2016-08-15 02:46 - 0006144 _____ () C:\Users\Oraa Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-03 12:18 - 2016-04-03 12:18 - 0004912 _____ () C:\ProgramData\lbogtyso.zat
2016-04-03 12:18 - 2016-04-03 12:18 - 0000016 _____ () C:\ProgramData\mntemp
Files to move or delete:
====================
C:\Windows\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job
Some files in TEMP:
====================
2017-05-30 06:39 - 2017-05-24 14:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-Common.dll
2017-05-30 06:39 - 2017-05-24 14:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-InstallerUtils.dll
2017-05-30 06:39 - 2017-05-24 14:54 - 0187416 _____ (BlueStack Systems) C:\Users\Oraa Main\AppData\Local\Temp\HD-LibraryHandler.dll
2017-05-30 06:39 - 2017-05-24 14:53 - 0246808 _____ (BlueStack Systems) C:\Users\Oraa Main\AppData\Local\Temp\HD-Logger-Native.dll
2017-05-30 06:39 - 2017-05-24 14:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-Uninstaller.exe
2017-03-16 15:33 - 2017-03-16 15:33 - 14456872 _____ (Microsoft Corporation) C:\Users\Oraa Main\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-15 06:02
==================== End of FRST.txt ============================