Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

my antivirus and window defender cannot active [Solved]

Started by fandy , Sep 18 2015 03:36 PM

This topic is locked

#1
fandy

Posted 18 September 2015 - 03:36 PM

Member

Member
12 posts

i have a windows 8.1 64bit

and my antivirus is avast, i dont really remerber when it happen but my antivirus can't do any scan or actived.
I have try re-install it but still can't scan

sorry for my bad english btw

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015

Ran by Rifandi (administrator) on RIP (19-09-2015 04:32:07)

Running from C:\Users\Rifandi\Desktop

Loaded Profiles: Rifandi (Available Profiles: Rifandi)

Platform: Windows 8.1 Pro (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Atheros Commnucations) C:\Windows\System32\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\SysWOW64\ChgService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

() C:\Program Files (x86)\Join Air\AssistantServices.exe

(Microsoft Corporation) C:\Users\Rifandi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(FileProperties_CompanyName) C:\Program Files (x86)\help4u\help4u_notification_service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2013-12-20] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-20] (Lenovo(beijing) Limited)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [713728 2010-12-16] ()

HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-06] (Adobe Systems Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [TornTv Downloader] => C:\Users\Rifandi\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [Only-search] => C:\Users\Rifandi\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [GoogleChromeAutoLaunch_2044B68C092258CC6B61BEF807401E47] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-12] (Google Inc.)

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3882576 2014-12-12] (Tonec Inc.)

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_Plugin.exe [962224 2015-03-24] (Adobe Systems Incorporated)

AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)

AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)

AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartupModem.lnk [2014-01-28]

ShortcutTarget: StartupModem.lnk -> C:\Program Files (x86)\3G Connect\StartUpRun.exe ()

Startup: C:\Users\Rifandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2014-10-22]

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

Startup: C:\Users\Rifandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-10-30]

ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Rifandi\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

Tcpip\..\Interfaces\{659EBD27-2A47-4029-8B7F-C20452FF1B3D}: [DhcpNameServer] 192.168.43.1

Tcpip\..\Interfaces\{970D6D83-F3E5-4CA0-B64D-27F554407A29}: [DhcpNameServer] 202.0.107.1 202.0.107.2

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0AtCtAzz0CyCyCyB0E0D0EtN0D0Tzu0SyByCyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1961462397&ir=

SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0AtCtAzz0CyCyCyB0E0D0EtN0D0Tzu0SyByCyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1961462397&ir=

SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B6BD2ED05A138C66&affID=129300&tsp=5416

SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-04] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-04] (Oracle Corporation)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-06] (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)

BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-06] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll [2014-02-04] (MySearchDial)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-06] (Adobe Systems Incorporated)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll [2014-02-04] (MySearchDial)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-06] (Adobe Systems Incorporated)

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1395502286&from=ild&uid=ST1000LM024XHN-M101MBB_S2U5J9KD102731

FireFox:

========

FF ProfilePath: C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default

FF NewTab:

FF Homepage: about:home

FF Keyword.URL:

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-04] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-04] (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1232603322-3645337139-1979953262-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rifandi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)

FF user.js: detected! => C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\user.js [2014-03-22]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-01-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-01-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-01-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-01-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-01-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Rifandi\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Rifandi\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-10-13] (Cisco WebEx LLC)

FF SearchPlugin: C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\searchplugins\MyOnlineSearch.xml [2014-10-30]

FF SearchPlugin: C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\searchplugins\onlysearchkms.xml [2014-10-30]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml [2014-03-22]

FF Extension: SavePass 1.2 - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\Extensions\[email protected] [2015-08-19]

FF Extension: YoutubeAdblocker - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\Extensions\[email protected] [2014-02-04]

FF Extension: anonymoX - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\Extensions\[email protected] [2014-01-25]

FF Extension: SQLite Manager - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\Extensions\[email protected] [2015-06-09]

FF Extension: Themes Menu - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\Extensions\{84625510-7e5d-11e0-a411-0800200c9a66}.xpi [2014-10-30]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\extensions\[email protected]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-09-09]

FF HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Rifandi\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Rifandi\AppData\Roaming\IDM\idmmzcc5 [2015-09-19]

FF HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Rifandi\AppData\Roaming\IDM\idmmzcc5

Chrome:

=======

CHR HomePage: Default -> hxxps://www.google.com/

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR Profile: C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]

CHR Extension: (Google Drive) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]

CHR Extension: (Earth View from Google Earth) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2014-11-17]

CHR Extension: (YouTube) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]

CHR Extension: (The Elder Scrolls Online - Theme) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodeacmfbgjollphdaehplmjobapnbin [2015-06-30]

CHR Extension: (Google Search) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]

CHR Extension: (Adblock Plus) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmppbpipefbijnpmokkcfnedohbiije [2015-04-12]

CHR Extension: (Google Docs Offline) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]

CHR Extension: (Privacy manager) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\giccehglhacakcfemddmfhdkahamfcmd [2014-02-04]

CHR Extension: (YoutubeAdblocker) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoghcmfjgopofakhllpdmflopkhccoj [2014-02-04]

CHR Extension: (Advanced REST client) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2015-05-09]

CHR Extension: (YYTBoOkMark) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjboicapmacdaecgldenkpdcdkkifgc [2014-02-04]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]

CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-06-30]

CHR Extension: (IDM Integration Module) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-06-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]

CHR Extension: (Adblock Pro) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-06-30]

CHR Extension: (gREatSaveer) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefifkdlbdfmnhdkbagencoidhfjcich [2014-02-04]

CHR Extension: (Currently) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-11-17]

CHR Extension: (Quick start) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-22]

CHR Extension: (Gmail) - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Rifandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)

R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2009-08-20] () [File not signed]

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [246272 2009-07-15] () [File not signed]

R2 VSSS; C:\Users\Rifandi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103523264 2015-06-24] (Microsoft Corporation) [File not signed] <==== ATTENTION

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-07-15] (Qualcomm Atheros Communications, Inc.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 fcusbser; C:\Windows\system32\DRIVERS\fcusbser.sys [119552 2010-06-03] (BM)

S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-02-27] ()

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 SDGame; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\D:\GAMES\VMLaunch\BuddyVM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 04:32 - 2015-09-19 04:32 - 00035133 _____ C:\Users\Rifandi\Desktop\FRST.txt

2015-09-19 04:32 - 2015-09-19 04:32 - 00000000 ____D C:\FRST

2015-09-19 04:28 - 2015-09-19 04:28 - 02191360 _____ (Farbar) C:\Users\Rifandi\Desktop\FRST64.exe

2015-09-19 04:03 - 2015-09-19 04:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Rifandi\Downloads\rkill.com

2015-09-19 02:29 - 2015-09-19 01:56 - 00427636 _____ C:\Users\Rifandi\Documents\Backup_of_Font.cdr

2015-09-19 01:56 - 2015-09-19 02:29 - 00427689 _____ C:\Users\Rifandi\Documents\Font.cdr

2015-09-19 00:19 - 2015-09-19 00:20 - 00000000 ____D C:\ProgramData\Avg

2015-09-19 00:16 - 2015-09-19 00:16 - 00000000 ____D C:\Users\Rifandi\AppData\Local\Avg2014

2015-09-18 14:24 - 2015-09-19 00:20 - 00000000 ____D C:\Program Files (x86)\AVG

2015-09-18 11:14 - 2015-09-18 11:14 - 00000258 _____ C:\Users\Rifandi\Documents\CorelDRAW Graphics Suite X5.txt

2015-09-18 11:07 - 2015-09-18 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5

2015-09-18 10:59 - 2015-09-18 11:04 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64

2015-09-18 08:57 - 2015-09-19 00:20 - 00000000 ____D C:\Users\Rifandi\AppData\Local\AvgSetupLog

2015-09-18 08:56 - 2015-09-18 08:56 - 00000000 ____D C:\Users\Rifandi\AppData\Local\Avg

2015-09-18 08:53 - 2015-09-18 08:57 - 00000000 ____D C:\ProgramData\Protexis

2015-09-18 08:53 - 2015-09-18 08:53 - 00000000 ____D C:\Users\Rifandi\AppData\Roaming\Corel

2015-09-18 08:50 - 2015-09-18 11:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0

2015-09-18 08:49 - 2015-09-18 11:09 - 00000000 ____D C:\ProgramData\Corel

2015-09-18 08:45 - 2015-09-18 08:45 - 00000000 ____D C:\Program Files (x86)\Corel

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\ZNZUJ1KC.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\YB8FRRCJ.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\X1ZWBCHI.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\W04V9Y20.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\R5UVZL04.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\ICJKVJ4B.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\9GOV2WKR.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\39Y7K2I0.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 01415680 _____ (wj32) C:\Program Files\31XFGLPK.exe

2015-09-10 15:19 - 2015-09-10 15:19 - 01415680 _____ (wj32) C:\Program Files\AET6IA57.exe

2015-09-10 15:10 - 2015-03-02 18:22 - 202313264 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_premier_antivirus_setup.exe

2015-09-10 15:05 - 2015-09-10 15:05 - 01415680 _____ (wj32) C:\Program Files\TUYNETRG.exe

2015-09-10 14:56 - 2015-09-10 14:57 - 00008278 _____ C:\Users\Rifandi\Documents\Uninstall Dragon Age Origins.log

2015-09-09 22:36 - 2015-09-09 22:36 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2015-09-09 22:29 - 2015-09-09 22:29 - 00000000 ____D C:\ProgramData\ALM

2015-09-09 22:27 - 2015-09-09 22:27 - 00000000 ____D C:\Users\Rifandi\Adobe Flash Builder 4.6

2015-09-09 22:24 - 2015-09-09 22:24 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk

2015-09-09 22:24 - 2015-09-09 22:24 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk

2015-09-09 22:24 - 2015-09-09 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2

2015-09-09 22:21 - 2015-09-09 22:21 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk

2015-09-09 22:21 - 2015-09-09 22:21 - 00000000 ____D C:\Program Files (x86)\My Company Name

2015-09-09 22:21 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys

2015-09-09 22:21 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys

2015-09-09 22:21 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys

2015-09-09 22:19 - 2015-09-09 22:19 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

2015-09-09 22:19 - 2015-09-09 22:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2015-09-09 22:19 - 2015-09-09 22:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2015-09-09 22:16 - 2015-09-09 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6

2015-09-09 22:16 - 2015-09-09 22:35 - 00000000 ____D C:\Program Files\Adobe

2015-09-09 22:15 - 2015-09-09 22:35 - 00000000 ____D C:\Program Files\Common Files\Adobe

2015-09-09 22:11 - 2015-09-10 14:17 - 00000000 ____D C:\Users\Rifandi\AppData\Local\Adobe

2015-09-09 22:11 - 2015-09-09 22:36 - 00000000 ____D C:\ProgramData\Adobe

2015-09-03 11:16 - 2015-09-03 11:16 - 01415680 _____ (wj32) C:\Program Files\O6YOYI62.exe

2015-09-03 11:16 - 2015-09-03 11:16 - 01415680 _____ (wj32) C:\Program Files\B3T3NBZJ.exe

2015-09-03 09:54 - 2015-09-03 09:54 - 01415680 _____ (wj32) C:\Program Files\J5PP7DXH.exe

2015-08-30 23:33 - 2015-08-30 23:33 - 01415680 _____ (wj32) C:\Program Files\9TAOZDU8.exe

2015-08-30 23:32 - 2015-08-30 23:32 - 01415680 _____ (wj32) C:\Program Files\2WKICE8A.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 04:32 - 2013-12-22 10:05 - 00000000 ____D C:\Users\Rifandi\AppData\Roaming\DMCache

2015-09-19 04:19 - 2013-12-20 20:53 - 00001028 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-09-19 04:18 - 2013-12-20 20:47 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0217303C-CD5D-4BA1-8084-41BF826BC10F}

2015-09-19 04:03 - 2015-04-06 23:03 - 00001302 _____ C:\Windows\Tasks\help4u_notification_service.job

2015-09-19 04:03 - 2015-04-06 23:03 - 00000664 _____ C:\Windows\Tasks\help4u_updating_service.job

2015-09-19 04:00 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\system32\sru

2015-09-19 03:24 - 2014-05-24 19:33 - 00000000 ____D C:\Users\Rifandi\AppData\Roaming\IDM

2015-09-19 01:44 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\LiveKernelReports

2015-09-19 01:03 - 2015-04-07 00:03 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-09-19 00:36 - 2013-12-20 11:58 - 01379563 _____ C:\Windows\WindowsUpdate.log

2015-09-19 00:28 - 2013-12-20 14:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1232603322-3645337139-1979953262-1001

2015-09-19 00:25 - 2013-12-31 12:58 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics

2015-09-19 00:23 - 2015-03-25 18:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl

2015-09-19 00:23 - 2013-12-22 12:26 - 00000000 ____D C:\ProgramData\AVAST Software

2015-09-19 00:23 - 2013-12-22 09:35 - 00000000 ____D C:\ProgramData\NVIDIA

2015-09-19 00:23 - 2013-12-20 20:53 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-09-19 00:23 - 2013-12-20 14:24 - 00000000 ____D C:\ProgramData\MFAData

2015-09-19 00:23 - 2013-09-30 11:02 - 01212318 _____ C:\Windows\PFRO.log

2015-09-19 00:23 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\tracing

2015-09-19 00:23 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-19 00:22 - 2013-08-22 20:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2015-09-19 00:12 - 2013-09-30 11:14 - 00005392 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-18 14:28 - 2013-08-22 22:36 - 00000000 ___HD C:\Windows\ELAMBKUP

2015-09-18 14:20 - 2013-08-22 21:44 - 05378416 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-18 11:12 - 2014-01-27 23:24 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X5

2015-09-18 11:11 - 2014-01-26 11:53 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-18 10:44 - 2013-08-22 21:46 - 00191074 _____ C:\Windows\setupact.log

2015-09-18 08:50 - 2015-07-08 20:52 - 00000000 ____D C:\Program Files\Internet Download Manager

2015-09-13 23:38 - 2013-12-20 20:53 - 00000000 ____D C:\Users\Rifandi\AppData\Local\Google

2015-09-10 14:57 - 2014-11-17 16:32 - 00000000 ____D C:\ProgramData\BioWare

2015-09-10 14:54 - 2014-12-16 13:13 - 00000000 ____D C:\Program Files (x86)\Steam

2015-09-10 13:35 - 2013-12-20 11:59 - 00000000 ____D C:\Users\Rifandi\AppData\Roaming\Adobe

2015-09-09 22:34 - 2015-02-18 21:56 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-09-09 22:27 - 2013-12-20 11:58 - 00000000 ____D C:\Users\Rifandi

2015-09-01 20:14 - 2013-12-20 20:53 - 00004000 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-01 20:14 - 2013-12-20 20:53 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-01 19:51 - 2013-10-23 11:30 - 00000000 ____D C:\Users\Rifandi\Downloads\Wallpaper

2015-08-30 23:34 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness

2015-08-24 20:46 - 2014-09-27 14:54 - 00000000 ____D C:\Program Files (x86)\Origin

2015-08-22 11:22 - 2013-12-22 09:00 - 00000000 ____D C:\Users\Rifandi\AppData\Roaming\CodeBlocks

2015-08-20 05:35 - 2013-12-20 11:59 - 00000000 ____D C:\Users\Rifandi\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-08-30 23:32 - 2015-08-30 23:32 - 1415680 _____ (wj32) C:\Program Files\2WKICE8A.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\31XFGLPK.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\39Y7K2I0.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\9GOV2WKR.exe

2015-08-30 23:33 - 2015-08-30 23:33 - 1415680 _____ (wj32) C:\Program Files\9TAOZDU8.exe

2015-09-10 15:19 - 2015-09-10 15:19 - 1415680 _____ (wj32) C:\Program Files\AET6IA57.exe

2015-09-03 11:16 - 2015-09-03 11:16 - 1415680 _____ (wj32) C:\Program Files\B3T3NBZJ.exe

2015-06-27 04:47 - 2015-06-27 04:47 - 1415680 _____ (wj32) C:\Program Files\F7N7RDTD.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\ICJKVJ4B.exe

2015-06-28 14:44 - 2015-06-28 14:44 - 1415680 _____ (wj32) C:\Program Files\IRJS8N3R.exe

2015-09-03 09:54 - 2015-09-03 09:54 - 1415680 _____ (wj32) C:\Program Files\J5PP7DXH.exe

2015-09-03 11:16 - 2015-09-03 11:16 - 1415680 _____ (wj32) C:\Program Files\O6YOYI62.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\R5UVZL04.exe

2015-09-10 15:05 - 2015-09-10 15:05 - 1415680 _____ (wj32) C:\Program Files\TUYNETRG.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\W04V9Y20.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\X1ZWBCHI.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\YB8FRRCJ.exe

2015-07-22 13:25 - 2015-07-22 13:25 - 1415680 _____ (wj32) C:\Program Files\YIWGU8PH.exe

2015-09-10 15:23 - 2015-09-10 15:23 - 1415680 _____ (wj32) C:\Program Files\ZNZUJ1KC.exe

2013-12-20 12:04 - 2014-10-22 23:47 - 0007605 _____ () C:\Users\Rifandi\AppData\Local\Resmon.ResmonCfg

2014-11-18 16:11 - 2014-11-18 16:11 - 0000000 _____ () C:\Users\Rifandi\AppData\Local\{28B07EFD-C22E-4EAF-BB9A-886224995B4E}

2014-11-22 20:25 - 2014-11-22 20:25 - 0000000 _____ () C:\Users\Rifandi\AppData\Local\{918915E7-62D3-4955-BD85-3C711153C0F0}

2014-11-21 17:59 - 2014-11-21 17:59 - 0000000 _____ () C:\Users\Rifandi\AppData\Local\{DE111176-0A34-4308-8E0C-5FC04B4A97A7}

2013-12-22 10:35 - 2013-12-22 10:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2013-08-22 10:56 - 2013-08-22 10:56 - 68792320 ___SH () C:\ProgramData\msctqoijn.exe

Files to move or delete:

====================

C:\ProgramData\msctqoijn.exe

Some files in TEMP:

====================

C:\Users\Rifandi\AppData\Local\Temp\15403.exe

C:\Users\Rifandi\AppData\Local\Temp\26349.exe

C:\Users\Rifandi\AppData\Local\Temp\9w0z7hhv.dll

C:\Users\Rifandi\AppData\Local\Temp\AutoRun.exe

C:\Users\Rifandi\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Rifandi\AppData\Local\Temp\avg-0d57d41c-69a9-4d1f-ad46-a451f87f8704.exe

C:\Users\Rifandi\AppData\Local\Temp\avg-437f951d-ef0d-4914-8bd2-a57dbd1c2d51.exe

C:\Users\Rifandi\AppData\Local\Temp\avg-f26c3a2b-1a46-4946-91e2-dc349aa1d27b.exe

C:\Users\Rifandi\AppData\Local\Temp\AVGTBInstall.exe

C:\Users\Rifandi\AppData\Local\Temp\bassmod.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo1012559675.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo1884421863.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo1947574289.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo2320784150.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo279897222.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo2965365908.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo3081841414.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo3085677782.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo3203406440.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo3261657765.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo3348599862.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo483604587.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo653551628.dll

C:\Users\Rifandi\AppData\Local\Temp\cdo740167257.dll

C:\Users\Rifandi\AppData\Local\Temp\down.5564.OptimizerProInstaller.exe

C:\Users\Rifandi\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Rifandi\AppData\Local\Temp\drm_dyndata_7360010.dll

C:\Users\Rifandi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwrxywa.dll

C:\Users\Rifandi\AppData\Local\Temp\EAInstall.dll

C:\Users\Rifandi\AppData\Local\Temp\eauninstall.exe

C:\Users\Rifandi\AppData\Local\Temp\FreeAvastLicenseFile2015__11652_il77739.exe

C:\Users\Rifandi\AppData\Local\Temp\jre-8u40-windows-au.exe

C:\Users\Rifandi\AppData\Local\Temp\KB157937515.exe

C:\Users\Rifandi\AppData\Local\Temp\MySearchDial.exe

C:\Users\Rifandi\AppData\Local\Temp\nv3DVStreaming.dll

C:\Users\Rifandi\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Rifandi\AppData\Local\Temp\nvStereoApiI.dll

C:\Users\Rifandi\AppData\Local\Temp\nvStInst.exe

C:\Users\Rifandi\AppData\Local\Temp\oi_{E3BDEA52-C4B7-4ABC-A0C4-19DE141CBCF7}.exe

C:\Users\Rifandi\AppData\Local\Temp\onlysetup.exe

C:\Users\Rifandi\AppData\Local\Temp\ose00000.exe

C:\Users\Rifandi\AppData\Local\Temp\ose00002.exe

C:\Users\Rifandi\AppData\Local\Temp\res.dll

C:\Users\Rifandi\AppData\Local\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll

C:\Users\Rifandi\AppData\Local\Temp\TELKOMSELFlash SU-9000 Install.exe

C:\Users\Rifandi\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe

C:\Users\Rifandi\AppData\Local\Temp\TsuF605ED4F.dll

C:\Users\Rifandi\AppData\Local\Temp\utt40F4.tmp.exe

C:\Users\Rifandi\AppData\Local\Temp\VP6Install.exe

C:\Users\Rifandi\AppData\Local\Temp\VP6VFW.dll

C:\Users\Rifandi\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Rifandi\AppData\Local\Temp\[OOP]Arfan_131402021_04.exe

C:\Users\Rifandi\AppData\Local\Temp\_isA208.exe

C:\Users\Rifandi\AppData\Local\Temp\{6DCC0AC0-6630-4153-B6D9-371220D47689}-32.0.1700.107_32.0.1700.102_chrome_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-12 14:00

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015

Ran by Rifandi (2015-09-19 04:33:15)

Running from C:\Users\Rifandi\Desktop

Windows 8.1 Pro (X64) (2013-12-20 04:58:43)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1232603322-3645337139-1979953262-500 - Administrator - Disabled)

Guest (S-1-5-21-1232603322-3645337139-1979953262-501 - Limited - Disabled)

Rifandi (S-1-5-21-1232603322-3645337139-1979953262-1001 - Administrator - Enabled) => C:\Users\Rifandi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Ambulant Player 2.4 (HKLM-x32\...\Ambulant Player 2.4) (Version: 2.4 - Centrum voor Wiskunde en Informatica)

Apache Tomcat 8.0.15 (HKLM-x32\...\nbi-tomcat-8.0.15.0.0) (Version: - )

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Artificial Girl 3 (HKLM-x32\...\{9F0B447F-7E14-4BB9-BCFE-1D5C06F7EE35}) (Version: 1.5 - ILLUSION)

Battlefield 4 Update 1 (HKLM-x32\...\QmF0dGxlZmllbGQ0_is1) (Version: 1 - )

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden

Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)

Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version: - Cisco Systems, Inc.)

CodeBlocks (HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)

Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)

Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden

Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)

Devil May Cry 5 - Complete Edition version 1.0.0 (HKLM-x32\...\Devil May Cry 5 - Complete Edition_is1) (Version: 1.0.0 - Capcom)

Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)

Dolphin 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Development Team)

Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)

Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden

Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: - )

DreadOut (HKLM-x32\...\DreadOut_is1) (Version: - )

Dropbox (HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

Empire Earth III (HKLM-x32\...\{B17E235C-7A3B-4482-B650-21FFDE1D452E}) (Version: 1.00.0000 - Sierra Entertainment)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)

Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden

Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)

GlassFish Server Open Source Edition 4.1 (HKLM-x32\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden

GReaatsaver (HKLM-x32\...\{CA41BB14-E67B-1653-C57B-5CA99418A866}) (Version: 4.3.0.1718 - gureATsuavear) <==== ATTENTION

HSPA Modem version 1.5 (HKLM-x32\...\3G Connect Normal Version 6280 USB_is1) (Version: - )

IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )

ILLUSION ワケあり！ (HKLM-x32\...\{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}) (Version: 1.00.0000 - ILLUSION)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)

Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)

Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE)

Just Cause 2 (HKLM-x32\...\Just Cause 2_is1) (Version: - R.G.Âèíòèê è Øïóíòèê)

KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )

KMSpico v9.0.6.20131120 (HKLM\...\KMSpico_is1) (Version: 9.0.6.20131120 - )

LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden

LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden

Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)

Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)

Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)

Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)

Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)

Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{ae17ae9b-af38-40d2-a194-6102c56ed502}) (Version: 11.0.50727.26 - Microsoft Corporation)

Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)

Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)

Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Middle-Earth - Shadow of Mordor (by Hommy Games) (HKLM-x32\...\{3E74CDB4-8B8F-4640-BE71-4B66886615F7}_is1) (Version: 1.0.1636.20 - )

Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MPC-HC 1.7.1 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.1.0 - MPC-HC Team)

Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )

NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.3 - Black Tree Gaming)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )

NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)

NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Oracle VM VirtualBox 4.3.16 (HKLM\...\{D7FAEA32-7CE3-4D9F-9139-F7B87BCC50AF}) (Version: 4.3.16 - Oracle Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden

Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)

Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )

Prototype 2 (HKLM-x32\...\Prototype 2_is1) (Version: Prototype 2 - )

Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )

RapeLay (remove only) (HKLM-x32\...\RapeLay) (Version: - )

RAR Password Recovery v1.1 RC16 (remove only) (HKLM-x32\...\Intelore - RAR Password Recovery) (Version: - )

RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version: - Password Unlocker Studio)

Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

SavePass 1.1 (HKLM-x32\...\SavePass 1.1) (Version: 1.35.3.9 - OB) <==== ATTENTION

School Mate 2 (HKLM-x32\...\{BC980840-FC67-4027-9055-251136406614}_is1) (Version: 1.3 - randompirate)

Sexy Beach 3 - Complete English Edition (remove only) (HKLM-x32\...\Sexy Beach 3 - Complete English Edition) (Version: - )

SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden

SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_is1) (Version: 1.0 - PLAZA)

System Requirements Lab Detection (HKLM-x32\...\{2C9D426D-3F38-4B1A-BAC5-DEC1212BB852}) (Version: 2.2.4.0 - Husdawg, LLC)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TELKOMSELFlash SU-9000 version 5.117 (HKLM-x32\...\TELKOMSELFlash SU-9000 version_is1) (Version: - )

The Sims" 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)

The Sims" 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)

The Sims" 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)

The Sims" 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)

The Sims" 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)

The Sims" 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)

The Sims" 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)

The Sims" 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)

The Sims" 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)

The Sims" 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)

The Sims" 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)

The Sims" 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)

The Sims" 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)

The Sims" 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)

The Sims" 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)

The Sims" 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)

The Sims" 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)

The Sims" 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)

The Sims" 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)

The Sims" 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)

The Sims" 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)

The Sims™ 3 + Expansions Uninstaller (HKLM-x32\...\The Sims™ 3 + Expansions Uninstaller) (Version: 1.0.0.11 - Electronic Arts)

Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)

TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )

UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version: - )

Unity Web Player (HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Watch Dogs (HKLM-x32\...\Watch Dogs_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)

WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden

WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )

XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)

YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.2.0.1591 - YoutubeAdblocker) <==== ATTENTION

YoutubeAdblocker (HKLM-x32\...\{CF830981-8F31-C561-C7A0-FE2CE1878B40}) (Version: 4.2.0.1447 - YoutubeAdblocker) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1232603322-3645337139-1979953262-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AAB2F86-2217-46D4-8004-88F4A8F9C72E} - System32\Tasks\help4u_notification_service => C:\Program Files (x86)\help4u\help4u_notification_service.exe [2015-04-06] (FileProperties_CompanyName) <==== ATTENTION

Task: {351C2021-978E-48D5-8B8E-18C5D168A284} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {3A8AF67F-D4A2-4830-93C5-666CBB8285DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {3B5AD782-9EA1-448B-BCC2-9383C65F05A3} - System32\Tasks\{6BA0FAB1-B899-472D-AFB0-B490EA3BD58D} => pcalua.exe -a "G:\Cai Dat Game\setup.exe" -d "G:\Cai Dat Game"

Task: {3E9BB584-BAB7-4855-AC19-11D577E342ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

Task: {41A93C16-4B1F-449F-9AD6-AEECC8A9FBE7} - System32\Tasks\{CBE073F7-A1DD-4027-B793-2EE54ADF6B0C} => pcalua.exe -a F:\Sims2EP1\eauninstall.exe -d F:\Sims2EP1

Task: {5D9B967E-9E0F-4213-BA24-896CDCB181B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)

Task: {81DCD15E-230D-458D-9943-3D597965D212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

Task: {8C1B1656-0D90-4DD7-B839-30970D425D89} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {96B7DC84-1C5F-4AC1-8EF8-D697CE121B1A} - System32\Tasks\{8627B382-5A88-4FF9-A728-51F1974DF348} => pcalua.exe -a F:\AutoRun.exe -d F:\

Task: {A1EEE3CA-8222-464D-BD7C-0E48D2C118DF} - System32\Tasks\help4u_updating_service => C:\Program Files (x86)\help4u\help4u_updating_service.exe [2015-04-06] () <==== ATTENTION

Task: {AC9DE117-FBDF-48AC-ACE6-122B0835D672} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-20] ()

Task: {C5EA213E-BFBF-436F-B6B2-DF62BD727E8A} - System32\Tasks\EPUpdater => C:\Users\Rifandi\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\64b5c250-015d-48b5-b157-300a8e3bfe82.job => C:\Program Files (x86)\SavePass 1.1\64b5c250-015d-48b5-b157-300a8e3bfe82.exe <==== ATTENTION

Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-1.job => C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-codedownloader.exe <==== ATTENTION

Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-11.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-11.exe <==== ATTENTION

Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-2.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-2.exe <==== ATTENTION

Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5.exe <==== ATTENTION

Task: C:\Windows\Tasks\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5_user.job => C:\Program Files (x86)\SavePass 1.1\c04fc0ec-79d8-4759-ba86-ee0ffb49fea0-5.exe <==== ATTENTION

Task: C:\Windows\Tasks\c6f17427-280e-44d4-88bc-561c1fe0d308.job => C:\Program Files (x86)\SavePass 1.1\c6f17427-280e-44d4-88bc-561c1fe0d308.exeȘ/agentregpath='SavePass 1.1' /appid=63429 /srcid='001504' /subid='0' /zdata='0' /bic=2827820446154BECB360AC217BBD185EIE /verifier=a2bd8b9c017cd558c9844388bde7f117 /installerversion=1_35_09_03 /installationtime=1410537375 /statsdomain=http:/stats.newclientgenservice.com /errorsdomain=http:/errors.newclientgenservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http:/logs.newclientgenservice.com <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\help4u_notification_service.job => C:\Program Files (x86)\help4u\help4u_notification_service.exeǢ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='help4u' /appid='73143' /srcid='2913' /bic='3c4f7bfbe922fc9e30d0f7a9a7b1bbad' /verifier='1d6ae977715d5d15586c376a4be34ff3' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION

Task: C:\Windows\Tasks\help4u_updating_service.job => C:\Program Files (x86)\help4u\help4u_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=help4u_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-12-22 09:35 - 2014-05-20 08:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-01-28 01:16 - 2009-08-20 14:22 - 00135168 _____ () C:\Windows\SysWOW64\ChgService.exe

2013-12-21 09:45 - 2009-07-15 09:37 - 00246272 _____ () C:\Program Files (x86)\Join Air\AssistantServices.exe

2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-12-20 19:59 - 2013-08-23 05:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-05-25 21:18 - 2014-05-25 21:18 - 00036536 ____N () C:\Program Files\Rainmeter\Rainmeter.exe

2014-05-25 21:18 - 2014-05-25 21:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll

2014-05-25 21:17 - 2014-05-25 21:17 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll

2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-09-18 11:24 - 2015-09-12 07:22 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libglesv2.dll

2015-09-18 11:24 - 2015-09-12 07:22 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libegl.dll

2013-12-20 20:48 - 2013-08-08 13:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-09-18 11:24 - 2015-09-12 07:22 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rifandi\Downloads\Wallpaper\trafalgar-law-jolly-roger-one-piece.jpg

DNS Servers: 192.168.43.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "StartupModem.lnk"

HKLM\...\StartupApproved\Run32: => "UIExec"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "WinampAgent"

HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{1A06DCD8-8738-438C-8399-A80A5E0B8728}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

FirewallRules: [{F2AE1ED8-46AE-444B-AB1C-B23A4870D723}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

FirewallRules: [{09DDA33A-F684-498B-A248-1FF2A010503B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{9240A9AF-274B-4D6B-80E5-BCEA62BEDD87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{AB0F5B93-B492-45C8-8B0C-92E9C2A7B5EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8905FE43-37DD-48A5-8C71-4E849017C3B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{562750CB-3D48-4CEF-84F8-0554B9BF4601}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{BE82E2D9-F899-4F2B-A3E9-6B44EA1C87CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{EC871DAD-58DB-4A2C-BFBC-74D670725D1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{97A03C4D-04F4-4878-8797-A2A1557665C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{B6F7FC4E-3F4B-4469-98AC-6F6B3877AB22}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{4F0DB9E4-E763-48D4-AF84-14834AFAF53C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{4A3E9165-9DB0-46EB-890F-DCE89376C612}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{20083BF8-F33B-4932-BBC1-7DAEE01E3710}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{588D0D49-B694-4391-BB67-4F279A9BA92C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{D7490F1E-D3BA-4A4D-93F6-A6D8A309FEC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{9B45E7F0-30EE-47DD-A6A3-5C61DFE3E55E}D:\games\prototype 2\prototype2.exe] => (Block) D:\games\prototype 2\prototype2.exe

FirewallRules: [UDP Query User{765FB244-EE57-4E0A-A1A8-4254A4AE4C90}D:\games\prototype 2\prototype2.exe] => (Block) D:\games\prototype 2\prototype2.exe

FirewallRules: [TCP Query User{19635119-F6FE-450D-91C7-B69050C4FBAD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

FirewallRules: [UDP Query User{70D36063-2C68-44E0-A9F2-6C99883C4168}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

FirewallRules: [TCP Query User{A49822FF-6416-4240-8E79-F95943201E2C}D:\games\konami\pro evolution soccer 2013\pes2013.exe] => (Block) D:\games\konami\pro evolution soccer 2013\pes2013.exe

FirewallRules: [UDP Query User{45DEE90E-9EBF-43F9-8799-998E83696311}D:\games\konami\pro evolution soccer 2013\pes2013.exe] => (Block) D:\games\konami\pro evolution soccer 2013\pes2013.exe

FirewallRules: [{775A3945-A3B4-4B4E-AFDF-0CCC57EB45F9}] => (Allow) %systemroot%\system32\alg.exe

FirewallRules: [TCP Query User{D891051F-84BD-4B10-923F-C293F54DD09E}D:\games\dota\war3.exe] => (Allow) D:\games\dota\war3.exe

FirewallRules: [UDP Query User{4C2C0E42-89CE-488C-8B12-F2392966F600}D:\games\dota\war3.exe] => (Allow) D:\games\dota\war3.exe

FirewallRules: [{27FB2FF6-1E02-4AF4-B515-BE58E7F66AED}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe

FirewallRules: [{D31A831A-E4FA-41E1-98ED-24EF2D307FDA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe

FirewallRules: [{07799367-4E73-4629-B22A-23952A4E3A98}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe

FirewallRules: [{D7FFEC2F-1027-45F8-BF55-9E803B26383D}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe

FirewallRules: [{3E856337-07D0-4D60-B6DE-E6B7F3221DA2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{B0BA9B87-C926-41A7-B95D-6428E7C88BA7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [TCP Query User{E6622835-0D2A-4DEF-9567-5E451F3EA331}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [UDP Query User{C9C1066E-BE2F-49CC-99F8-50AAE4B9E3AE}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{E10061AB-4E65-496F-9FE1-55C9ED05FAD8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [TCP Query User{5FB4513F-2E57-47EF-A0FE-CE5F2E1615B9}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [UDP Query User{25006CC4-CE19-4424-946D-E20E4C243FD1}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [TCP Query User{CC65259C-1AA7-4F1C-9436-334BFA693245}D:\games\battle field 4\bf4_x86.exe] => (Block) D:\games\battle field 4\bf4_x86.exe

FirewallRules: [UDP Query User{E807EE63-8880-4009-AD1C-0BC5990364D9}D:\games\battle field 4\bf4_x86.exe] => (Block) D:\games\battle field 4\bf4_x86.exe

FirewallRules: [TCP Query User{66E425DA-B20D-4E19-9180-7A976439C34B}D:\games\left 4 dead\left4dead.exe] => (Block) D:\games\left 4 dead\left4dead.exe

FirewallRules: [UDP Query User{3A2BEAC6-C02C-4634-B01A-AE94B750A88E}D:\games\left 4 dead\left4dead.exe] => (Block) D:\games\left 4 dead\left4dead.exe

FirewallRules: [{8EC7C0D2-469D-425A-B1B6-B81075B83C37}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

FirewallRules: [{0EB4AB0D-4A4A-4D49-B669-6857DFBAAA39}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

FirewallRules: [{971E3028-9FB4-4F27-9B29-7DBC1424F8A5}] => (Allow) C:\Windows\System32\KMSServer.exe

FirewallRules: [{213EADAA-1CFE-4D58-9E21-C09621DE09D5}] => (Allow) C:\Windows\System32\KMSServer.exe

FirewallRules: [{EBCA317D-CC83-43ED-AAE3-74866A4DFFD5}] => (Allow) D:\GAMES\Dragon Nest SEA\DragonNest.exe

FirewallRules: [{E6B27D11-BF45-4183-A96A-5CB3D7C3791D}] => (Allow) D:\GAMES\Dragon Nest SEA\DragonNest.exe

FirewallRules: [{CCC5C3B9-E51F-4B73-8BC1-2D66C70840D9}] => (Allow) D:\GAMES\Dragon Nest SEA\DragonNest.exe

FirewallRules: [{B16D292D-99B8-4EA4-AC6F-0B9132F3EE53}] => (Allow) D:\GAMES\Dragon Nest SEA\DragonNest.exe

FirewallRules: [TCP Query User{90F7424A-8CFA-4BB1-BA55-EB24C74E71F7}D:\game installer\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe] => (Allow) D:\game installer\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe

FirewallRules: [UDP Query User{D4C32738-7C8E-4867-9329-62743A543310}D:\game installer\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe] => (Allow) D:\game installer\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe

FirewallRules: [{C19AF992-2A97-4322-9A2A-34F9139E6D1F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{02774A92-C7BD-44E0-A9F3-9549069A0057}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{275ECE94-FC70-494D-BD2F-49BB9652950D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{CE39FD7D-5A3D-4D17-8487-46323B83F7CD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [TCP Query User{BA753D81-75AA-4A12-9D7F-A2D1DAD7E556}D:\games\prototype 2\prototype2.exe] => (Block) D:\games\prototype 2\prototype2.exe

FirewallRules: [UDP Query User{185D5014-4109-4234-AA47-1DDBFF073CA9}D:\games\prototype 2\prototype2.exe] => (Block) D:\games\prototype 2\prototype2.exe

FirewallRules: [{DF926D87-1BE0-4685-88BB-E8509C8AA040}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe

FirewallRules: [{69799192-0148-4AFD-90AF-84E0FB23EB56}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe

FirewallRules: [TCP Query User{AF03422E-9BCC-4E54-A80E-890A78693EDF}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe

FirewallRules: [UDP Query User{1BB7E18C-5720-4F80-A26C-4B4D6759F5F1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe

FirewallRules: [TCP Query User{98AAD854-2D55-4A73-AC8D-7A754DCE2A6E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe

FirewallRules: [UDP Query User{22279E3E-2B1E-4548-947E-861FE12B4F2E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe

FirewallRules: [TCP Query User{20ACCA7D-677B-49C4-9FBB-1054D7DCC002}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe

FirewallRules: [UDP Query User{51AE80A9-24F9-41FC-B991-C92BA2F16493}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe

FirewallRules: [TCP Query User{FAAC8729-32D6-4E1E-B3A1-33EE26EC6DA9}C:\xampp\mercurymail\mercury.exe] => (Block) C:\xampp\mercurymail\mercury.exe

FirewallRules: [UDP Query User{6B59466B-7787-460A-8135-8584676DDD3D}C:\xampp\mercurymail\mercury.exe] => (Block) C:\xampp\mercurymail\mercury.exe

FirewallRules: [TCP Query User{B34030A8-37BC-4369-8E40-9E8593FCA786}D:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe] => (Allow) D:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe

FirewallRules: [UDP Query User{1BC3E71A-6D5B-4055-A44D-20339D07333B}D:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe] => (Allow) D:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe

FirewallRules: [{59C6CA05-CDA7-4977-AAA5-F11DEBD92122}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [{3946D93A-3163-47B2-AE52-0217794C2B3F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [{826D336A-FEFC-43BF-982B-BF5195301D96}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [{38A36E27-11A4-455B-8519-9D9B9B6F35A4}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [{DDF81497-B651-4F9B-872E-FEFDD9489202}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [{2C6D4CCD-4DD9-47E8-9148-DE1C59A5A4AE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [{1D0F16D8-87B1-45A6-A597-ECA32834DB8D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe

FirewallRules: [TCP Query User{DDFCA80E-0E24-4BD5-BC1C-91CEB65A42B6}D:\games\farcry 3\bin\farcry3_d3d11.exe] => (Block) D:\games\farcry 3\bin\farcry3_d3d11.exe

FirewallRules: [UDP Query User{7BDAB37E-85AD-47D5-9232-DA4FBE791CC8}D:\games\farcry 3\bin\farcry3_d3d11.exe] => (Block) D:\games\farcry 3\bin\farcry3_d3d11.exe

FirewallRules: [{F6ACCA3B-0F7F-4BCB-9202-2382097D23B1}] => (Allow) C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{A835423B-9920-4C72-86A3-2FDE848D1AD0}] => (Allow) C:\Users\Rifandi\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{0B1F268B-D381-43B7-96D5-8091703066EC}D:\games\divinity original sin\shipping\eocapp.exe] => (Block) D:\games\divinity original sin\shipping\eocapp.exe

FirewallRules: [UDP Query User{6306DE96-53C2-439D-A523-9E26BFC2D7D2}D:\games\divinity original sin\shipping\eocapp.exe] => (Block) D:\games\divinity original sin\shipping\eocapp.exe

FirewallRules: [TCP Query User{08EE761A-7CD2-49B4-8627-8534CC0A0158}H:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe] => (Block) H:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe

FirewallRules: [UDP Query User{63B09064-974F-4436-B236-ABE88D1D683F}H:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe] => (Block) H:\game installer\yu-gi-oh!\ygopro-1.032.1-v2-percy-full\ygopro_vs.exe

FirewallRules: [TCP Query User{F1617650-D557-4FD9-910D-86489DA5B55A}D:\games\outlast\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\outlast\outlast\binaries\win64\olgame.exe

FirewallRules: [UDP Query User{F0C3E966-0FA0-4118-AE9B-45599BC8E5EB}D:\games\outlast\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\outlast\outlast\binaries\win64\olgame.exe

FirewallRules: [{515B5948-489D-48C0-9607-0E2E1BBCC843}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{4A95A6AD-35AF-4038-BA25-01A1ADA3EAB6}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [TCP Query User{6E87AF5C-8E18-490A-A9A5-1C8E3CC9623F}C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe

FirewallRules: [UDP Query User{4DE8BECB-1C50-478D-A1DD-6450237F7C27}C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\rifandi\appdata\roaming\torntv.com\torntv downloader.exe

FirewallRules: [{2A58B125-FA27-4763-923F-962854AC4C64}] => (Allow) C:\Users\Rifandi\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{16606177-8490-41B5-8A89-817542833D73}] => (Allow) C:\Users\Rifandi\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{1B01E919-DD5D-4C53-9A08-6FA46EC14E69}C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Block) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe

FirewallRules: [UDP Query User{983E342C-763C-4F85-B0F9-48B66631F44F}C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Block) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe

FirewallRules: [TCP Query User{9C6A7B15-3DE6-4258-9CE7-8FCCBBDE7FE6}D:\games\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) D:\games\stronghold crusader 2\bin\win32_release\crusader2.exe

FirewallRules: [UDP Query User{CB15A0A3-D243-43D8-9621-0FFD3B91B959}D:\games\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) D:\games\stronghold crusader 2\bin\win32_release\crusader2.exe

FirewallRules: [{CE95B2B9-8A50-4D43-A53B-967115E4BA08}] => (Allow) D:\GAMES\Sierra Entertainment\Empire Earth III\EE3.exe

FirewallRules: [{743E21E2-9067-4D72-9CB8-58CC60AF37F4}] => (Allow) D:\GAMES\Sierra Entertainment\Empire Earth III\EE3.exe

FirewallRules: [{53AF91DF-0050-4B9B-8981-DF6F4FB160B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{3A971CE2-F559-42D0-93F3-4A2365E792F8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{8BEE11D2-7F86-4B46-9669-E96517FC5AB7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{6F618C98-4506-4A99-98C2-AAE190AA3A9B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{FFBFA651-18E8-4F3C-BDD7-0BB25117FE71}] => (Allow) D:\GAMES\SteamLibrary\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{E83DC855-BB23-47A9-85A7-E165E628CA83}] => (Allow) D:\GAMES\SteamLibrary\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [TCP Query User{C438FD29-9201-4750-BCE5-C78BD9D3DB2B}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Block) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe

FirewallRules: [UDP Query User{DC7E8C51-20F3-4920-BE94-5FD0B64F8789}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Block) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe

FirewallRules: [TCP Query User{4F71FC4A-674D-4914-9235-9C566EF79522}D:\games\battle field 4\bf4.exe] => (Allow) D:\games\battle field 4\bf4.exe

FirewallRules: [UDP Query User{CD03D387-6214-43AC-8C63-B342DF7E224A}D:\games\battle field 4\bf4.exe] => (Allow) D:\games\battle field 4\bf4.exe

FirewallRules: [TCP Query User{406C305E-219C-4CF8-AA6D-FEE4ADAF9D6A}D:\games\company of heroes\bugreport\bugreport.exe] => (Block) D:\games\company of heroes\bugreport\bugreport.exe

FirewallRules: [UDP Query User{0C7D59B2-DDA8-434C-8400-65A342A9D1F2}D:\games\company of heroes\bugreport\bugreport.exe] => (Block) D:\games\company of heroes\bugreport\bugreport.exe

FirewallRules: [{9DDF3AC0-45AA-4706-83DD-4AB1E6C059D0}] => (Allow) D:\GAMES\SteamLibrary\steamapps\common\Aura Kingdom\game.bin

FirewallRules: [{7C11A026-5E0B-469C-8101-39A26E6AF45F}] => (Allow) D:\GAMES\SteamLibrary\steamapps\common\Aura Kingdom\game.bin

FirewallRules: [TCP Query User{F6389871-CABA-428C-A860-FD222EC6B270}D:\games\pro evolution soccer 2015\pes2015.exe] => (Block) D:\games\pro evolution soccer 2015\pes2015.exe

FirewallRules: [UDP Query User{8BE9F98D-8DA0-4C44-A98D-6497171661EF}D:\games\pro evolution soccer 2015\pes2015.exe] => (Block) D:\games\pro evolution soccer 2015\pes2015.exe

FirewallRules: [TCP Query User{3D794DA7-A0BF-4E42-A700-1F93299411F4}D:\games\devil may cry 5 - complete edition\binaries\win32\dmc-devilmaycry.exe] => (Allow) D:\games\devil may cry 5 - complete edition\binaries\win32\dmc-devilmaycry.exe

FirewallRules: [UDP Query User{F05D44A1-7268-4885-9BD1-2CC2F50C04B9}D:\games\devil may cry 5 - complete edition\binaries\win32\dmc-devilmaycry.exe] => (Allow) D:\games\devil may cry 5 - complete edition\binaries\win32\dmc-devilmaycry.exe

FirewallRules: [{EE0F8D63-27BE-4EF2-8BDE-26AA454297C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{7605257A-3D4B-49AB-B2DD-132CCB812A10}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{9A5B1E8A-B31F-4B38-B6D9-5E00A45FF065}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{BD3755B2-254D-4C99-9AB3-6C9A3CB42267}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{44D20B8C-A835-4767-9306-134F953356F9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

FirewallRules: [{B3303EAD-5EE2-461A-AAF0-CB56CCE10C86}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

FirewallRules: [{A41FF3C1-CF80-4D64-956E-D623EBA66A93}] => (Allow) C:\Windows\System32\KMSServer.exe

FirewallRules: [{B9C6AC4A-06A8-44A3-A2D7-910AC3D1DEAA}] => (Allow) C:\Windows\System32\KMSServer.exe

FirewallRules: [TCP Query User{CB038158-67D6-4066-B1EF-B01AEB8547E0}C:\program files (x86)\java\jdk1.7.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.7.0_40\bin\java.exe

FirewallRules: [UDP Query User{355E4826-AEF9-4DE1-91C3-3545BEC33CB1}C:\program files (x86)\java\jdk1.7.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.7.0_40\bin\java.exe

FirewallRules: [{029E27FF-EE21-4AC9-AEBF-2626CF8A0E29}] => (Block) C:\program files (x86)\java\jdk1.7.0_40\bin\java.exe

FirewallRules: [{8E58488F-C3EC-40E4-87DD-E6B23DE3CD13}] => (Block) C:\program files (x86)\java\jdk1.7.0_40\bin\java.exe

FirewallRules: [TCP Query User{D3E3887D-DC4D-46F8-85BB-A17DB4DF3143}C:\program files (x86)\netbeans 8.0.2\bin\netbeans.exe] => (Allow) C:\program files (x86)\netbeans 8.0.2\bin\netbeans.exe

FirewallRules: [UDP Query User{A751FD98-134E-4AEC-9F8B-E7E253030F48}C:\program files (x86)\netbeans 8.0.2\bin\netbeans.exe] => (Allow) C:\program files (x86)\netbeans 8.0.2\bin\netbeans.exe

FirewallRules: [{E5B43872-E575-4F3D-986A-64D619871AD3}] => (Allow) D:\GAMES\Lost Saga\LostSaga\autoupgrade.exe

FirewallRules: [{69B3670B-2F4D-4167-B798-5B149BA07E62}] => (Allow) D:\GAMES\Lost Saga\LostSaga\autoupgrade.exe

FirewallRules: [{CD9A082D-3309-48CB-BDE1-39391F4F243E}] => (Allow) D:\GAMES\Lost Saga\LostSaga\lostsaga.exe

FirewallRules: [{37642C02-07E0-4AAC-9BD9-3C8B1895FFFC}] => (Allow) D:\GAMES\Lost Saga\LostSaga\lostsaga.exe

FirewallRules: [TCP Query User{D4092692-D5C5-4D48-8B18-D81225C3825B}C:\program files (x86)\java\jdk1.8.0\bin\java.exe] => (Block) C:\program files (x86)\java\jdk1.8.0\bin\java.exe

FirewallRules: [UDP Query User{46354920-75FC-4F1F-A024-57422E213465}C:\program files (x86)\java\jdk1.8.0\bin\java.exe] => (Block) C:\program files (x86)\java\jdk1.8.0\bin\java.exe

FirewallRules: [TCP Query User{FE8B8914-6097-4301-BD5F-B0D69500EB11}C:\program files\java\jdk1.8.0_45\bin\java.exe] => (Block) C:\program files\java\jdk1.8.0_45\bin\java.exe

FirewallRules: [UDP Query User{F298C8CA-5E47-4D38-BBA2-37840677E966}C:\program files\java\jdk1.8.0_45\bin\java.exe] => (Block) C:\program files\java\jdk1.8.0_45\bin\java.exe

FirewallRules: [TCP Query User{D753E326-1315-41D8-818C-82CD5647D11E}C:\program files\java\jdk1.8.0_45\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_45\jre\bin\javaw.exe

FirewallRules: [UDP Query User{F8ED93EC-2756-4CEA-BB2D-2233892BCBF5}C:\program files\java\jdk1.8.0_45\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_45\jre\bin\javaw.exe

FirewallRules: [TCP Query User{DB6151F1-04FD-48A9-8E07-2F307A3FE61F}D:\software installer\eclipse luna\eclipse.exe] => (Block) D:\software installer\eclipse luna\eclipse.exe

FirewallRules: [UDP Query User{3E5D112C-48BE-4D66-87B7-55E3CEA6EB97}D:\software installer\eclipse luna\eclipse.exe] => (Block) D:\software installer\eclipse luna\eclipse.exe

FirewallRules: [{929EA187-A7BC-4475-AE10-0276AB7258B2}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe

FirewallRules: [{15087077-58B1-4AC5-9883-69C8EE642A7F}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe

FirewallRules: [{F7E106CA-25D3-4AA0-8E8D-9C2FB54E483D}] => (Allow) LPort=7935

FirewallRules: [{03156271-3F11-48B1-9D43-6206B176FA0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/19/2015 12:23:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]

Error: (09/19/2015 12:23:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (09/19/2015 12:23:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (09/19/2015 12:13:50 AM) (Source: MsiInstaller) (EventID: 11321) (User: RIP)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.

Error: (09/19/2015 12:12:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/19/2015 12:12:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/18/2015 02:30:40 PM) (Source: MsiInstaller) (EventID: 11321) (User: RIP)

Description: SA_Error1709: StandardAction(0xC00706AD): Produk: AVG 2015 -- Kesalahan 1321. SA_Error1321: StandardAction(0xC0070529): Penginstal tidak mempunyai privilese yang cukup untuk mengubah file ini: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.

Error: (09/18/2015 02:28:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: RIP)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed

Error: (09/18/2015 02:28:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: RIP)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed

Error: (09/18/2015 02:20:31 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]

System errors:

=============

Error: (09/19/2015 04:00:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Defender Service service failed to start due to the following error:

%%1053

Error: (09/19/2015 04:00:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Service service to connect.

Error: (09/19/2015 12:25:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (09/19/2015 12:25:30 AM) (Source: ipnathlp) (EventID: 30013) (User: )

Description: 192.168.43.251192.168.137.0255.255.255.0

Error: (09/19/2015 12:25:30 AM) (Source: ipnathlp) (EventID: 1233) (User: )

Description:

Error: (09/19/2015 12:25:30 AM) (Source: ipnathlp) (EventID: 1233) (User: )

Description:

Error: (09/19/2015 12:25:30 AM) (Source: ipnathlp) (EventID: 1233) (User: )

Description:

Error: (09/19/2015 12:24:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/19/2015 12:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (09/19/2015 12:23:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

CodeIntegrity:

===================================

Date: 2015-07-27 04:23:14.067

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-15 20:50:59.848

Date: 2015-06-15 20:50:58.778

Date: 2015-05-04 19:21:05.000

Date: 2015-05-03 18:41:37.484

Date: 2015-05-03 18:28:38.544

Date: 2015-05-03 18:19:41.800

Date: 2015-05-03 14:45:34.731

Date: 2015-05-03 06:53:29.838

Date: 2015-05-03 06:24:57.206

==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz

Percentage of memory in use: 42%

Total physical RAM: 3957.6 MB

Available physical RAM: 2283 MB

Total Virtual: 4661.6 MB

Available Virtual: 2408.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.49 GB) (Free:26.35 GB) NTFS

Drive d: () (Fixed) (Total:690.8 GB) (Free:56.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: C24F1638)

Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=690.8 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=94.1 GB) - (Type=05)

==================== End of Addition.txt ============================

#2
BrianDrab

Posted 18 September 2015 - 06:13 PM

Trusted Helper

Malware Removal
3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.

- General Instructions -

Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
Any fixes provided by myself are for this log file only and should not be used on any other systems.
Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.

Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser.

Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser.

Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

- Finally Before We Start-

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

I'm reviewing your logs now.

#3
BrianDrab

Posted 18 September 2015 - 06:55 PM

Trusted Helper

Malware Removal
3,591 posts

I've reviewed the logs and created a fix as you are definitely infected. However I noticed that you have illegal software on your machine. Our Terms of Use prohibit me from assisting while this software is on the machine. The part of the TOU that states this is quoted below. If you would like to continue with the cleanup, please remove any illegal software and provide a fresh set of logs and we'll get you cleaned up. Thank you for your understanding.

We will NOT help anyone we suspect of having obtained their software or services illegally.

#4
fandy

Posted 19 September 2015 - 01:33 AM

Member

Topic Starter
Member
12 posts

umm can you tell me the list of illegal software in my pc, so i can remove them completly

#5
BrianDrab

Posted 19 September 2015 - 09:11 AM

Trusted Helper

Malware Removal
3,591 posts

Sure thing. Assuming your copy of Windows is a legal copy, the following programs appear to be the issues.

Microsoft Office Professional Plus 2013

Adobe Creative Suite 6 Master Collection

If you think this software is legit and paid for, please let me know and we'll do some other checks to validate.

Thank you.

#6
fandy

Posted 21 September 2015 - 01:07 AM

Member

Topic Starter
Member
12 posts

I can uninstall Adobe Creative Suite 6 Master Collection, but i still need the Ms Office

i know its a illegal software but can you help me please, i really need the software

Thank you

Edited by fandy, 21 September 2015 - 01:09 AM.

#7
BrianDrab

Posted 21 September 2015 - 06:23 AM

Trusted Helper

Malware Removal
3,591 posts

I'm sorry by the Terms of Use I agreed to when signing up on the forum as well as my personal ethical stance prohibits me from doing so.

If you are looking for Word, Excel, Powerpoint, etc. you can always use the online version which is free.

https://www.office.com/

#8
fandy

Posted 22 September 2015 - 11:35 PM

Member

Topic Starter
Member
12 posts

I already remove the software you told
and this is the new scan report...

now you can help me right?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015

Ran by Rifandi (administrator) on RIP (23-09-2015 12:23:06)

Running from C:\Users\Rifandi\Desktop

Loaded Profiles: Rifandi (Available Profiles: Rifandi)

Platform: Windows 8.1 Pro (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Atheros Commnucations) C:\Windows\System32\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\SysWOW64\ChgService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

() C:\Program Files (x86)\Join Air\AssistantServices.exe

(Microsoft Corporation) C:\Users\Rifandi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(FileProperties_CompanyName) C:\Program Files (x86)\help4u\help4u_notification_service.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Users\Rifandi\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe