Thank you very much, your assistance is much appreciated.
"I'll check for malware. I can't assist on crack ware, so uninstall anything related to it. Uninstall any P2P programs too: uTorrent, BitTorrent, my torrent, etc."
Well, I didn't go through with installing the crack, but the crack is the source of any potential malware.
The first time I ran the scan I tried to close it during the scan since I felt like placing it on my desktop first. And so I ran it again afterwards. However, I forgot to run as administrator, so I ran it yet again. All three scans are here (I highly doubt there was any use in posting more than the third one, but I felt like being thorough):
Scan no1:
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Blue Star (administrator) on BLUESTARPC (01-09-2016 02:19:16)
Running from C:\Users\Blue Star\Downloads
Loaded Profiles: Blue Star (Available Profiles: Blue Star)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Scarlet.Crush Productions) C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Betternet Technologies Inc.) C:\Program Files (x86)\Betternet\Betternet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{0F826E4C-9CD8-4E99-9125-FA37C0355C40}: [DhcpNameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{6572CBCD-7FD5-4D9A-B4EE-2FC5FF11B2AA}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{AAB4624F-3700-42E4-A848-FE7D450D5819}: [DhcpNameServer] 10.16.0.1
Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Adblock Plus) - C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 02:19 - 2016-09-01 02:19 - 00007792 _____ C:\Users\Blue Star\Downloads\FRST.txt
2016-09-01 02:18 - 2016-09-01 02:19 - 00000000 ____D C:\FRST
2016-09-01 02:18 - 2016-09-01 02:18 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64(1).exe
2016-08-31 17:41 - 2016-08-31 17:41 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-08-31 17:40 - 2016-08-31 17:40 - 00000000 ____D C:\Users\Blue Star\Desktop\Malware
2016-08-31 17:39 - 2016-08-31 22:19 - 00000000 ____D C:\ProgramData\Betternet
2016-08-31 17:39 - 2016-08-31 17:39 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Betternet_Technologies_In
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Downloaded Installations
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-31 17:33 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2CA6.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2C29.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2D15.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2B0E.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw287D.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2BAB.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw291A.tmp
2016-08-31 17:32 - 2016-08-31 17:32 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-31 17:32 - 2016-08-31 17:32 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-31 17:32 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27EF.tmp
2016-08-31 17:32 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-08-31 17:29 - 2016-08-31 17:31 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Blue Star\Downloads\BetternetForWindows.exe
2016-08-31 17:21 - 2016-08-31 17:22 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64.exe
2016-08-31 17:15 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5440.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4E51.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5374.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw556A.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5036.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw525B.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw50B3.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4BA2.tmp
2016-08-31 16:48 - 2016-08-31 17:13 - 00000000 ____D C:\Program Files (x86)\Jerdickarotocult
2016-08-31 16:48 - 2016-08-31 16:48 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Drerferward
2016-08-31 15:27 - 2016-08-31 15:27 - 00000000 _____ C:\Users\Blue Star\Desktop\REMEMBER UNI DOC GATHERING.txt
2016-08-30 15:18 - 2016-08-30 15:18 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\Wayforward
2016-08-30 15:06 - 2016-08-31 16:54 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\IDM
2016-08-30 15:06 - 2016-08-31 16:52 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\DMCache
2016-08-30 15:06 - 2016-08-31 16:12 - 00000000 ____D C:\Users\Blue Star\Downloads\Compressed
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Users\Blue Star\Downloads\Video
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-30 15:05 - 2016-08-31 16:54 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-27 15:11 - 2016-08-27 15:13 - 00000000 ____D C:\Users\Blue Star\Desktop\New folder (2)
2016-08-25 11:45 - 2016-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 02:01 - 2016-08-31 17:20 - 00416098 _____ C:\Windows\system32\perfh011.dat
2016-08-25 02:01 - 2016-08-31 17:20 - 00121480 _____ C:\Windows\system32\perfc011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00141988 _____ C:\Windows\system32\perfi011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00031548 _____ C:\Windows\system32\perfd011.dat
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\0411
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\0411
2016-08-25 01:54 - 2010-11-20 05:27 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2016-08-25 01:54 - 2010-11-20 04:20 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2016-08-24 01:19 - 2016-08-24 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greed Corp
2016-08-24 01:18 - 2016-08-24 01:19 - 00000000 ____D C:\Program Files (x86)\Greed Corp
2016-08-17 21:23 - 2016-08-31 17:20 - 00723920 _____ C:\Windows\system32\perfh019.dat
2016-08-17 21:23 - 2016-08-31 17:20 - 00150222 _____ C:\Windows\system32\perfc019.dat
2016-08-17 21:23 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-08-17 21:23 - 2016-08-17 21:23 - 00000000 ____D C:\Windows\SysWOW64\ru
2016-08-17 21:23 - 2016-08-17 21:22 - 00336704 _____ C:\Windows\system32\perfi019.dat
2016-08-17 21:23 - 2016-08-17 21:22 - 00039446 _____ C:\Windows\system32\perfd019.dat
2016-08-17 21:22 - 2016-08-17 21:22 - 00000000 ____D C:\Windows\system32\ru
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-31 22:45 - 2016-05-10 19:15 - 00000000 ____D C:\Users\Blue Star\Desktop\Program Shortcuts
2016-08-31 22:44 - 2016-06-23 17:56 - 00001997 _____ C:\Users\Blue Star\Desktop\Security Risks.txt
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-31 17:33 - 2016-06-13 00:17 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-31 17:32 - 2016-06-13 01:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-31 17:32 - 2016-06-13 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-31 17:20 - 2009-07-14 07:13 - 01401878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 17:19 - 2016-06-23 20:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-31 17:16 - 2016-07-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-31 17:16 - 2016-06-23 22:32 - 00000000 ___SD C:\Users\Blue Star\AppData\LocalLow\Temp
2016-08-31 17:16 - 2016-06-13 13:37 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465817825
2016-08-31 17:16 - 2016-05-02 22:57 - 00000000 ____D C:\Users\Blue Star\Desktop\Games
2016-08-31 17:14 - 2016-05-02 05:01 - 00000000 ____D C:\Users\Blue Star
2016-08-31 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 17:13 - 2016-06-13 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-31 17:13 - 2016-06-13 01:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-31 17:13 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-27 15:12 - 2016-05-04 02:29 - 00000000 ____D C:\Users\Blue Star\Desktop\Recent Stuff
2016-08-27 15:11 - 2016-05-02 23:08 - 00000000 ____D C:\Users\Blue Star\Desktop\Unsorted
2016-08-27 15:02 - 2016-06-11 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-25 02:00 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-25 01:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-25 01:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-25 01:42 - 2016-07-05 01:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\A Wizard's Lizard
2016-08-15 18:59 - 2016-06-23 20:33 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU(85).TXT
Some files in TEMP:
====================
C:\Users\Blue Star\AppData\Local\Temp\ICReinstall_directx-11.0.exe
C:\Users\Blue Star\AppData\Local\Temp\SynciosTransfer.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-26 00:20
==================== End of FRST.txt ============================
Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Blue Star (01-09-2016 02:19:53)
Running from C:\Users\Blue Star\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-02 03:00:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2400238725-3887890787-1067688403-500 - Administrator - Disabled)
Blue Star (S-1-5-21-2400238725-3887890787-1067688403-1000 - Administrator - Enabled) => C:\Users\Blue Star
Guest (S-1-5-21-2400238725-3887890787-1067688403-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dustforce DX (HKLM-x32\...\Dustforce DX_is1) (Version: - )
Greed Corp (HKLM-x32\...\Greed Corp) (Version: - W!Games)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Overfall (HKLM-x32\...\1449227594_is1) (Version: 2.2.0.4 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
Planar Conquest (HKLM\...\cGxhbmFyY29ucXVlc3Q_is1) (Version: 1 - )
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Starbound (HKLM\...\c3RhcmJvdW5k_is1) (Version: 1 - )
Syncios Data Transfer version 1.3.3 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.3.3 - Anvsoft, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {464046DF-0939-4159-9223-89729F655D9C} - System32\Tasks\{C1816030-2044-43EE-ABAD-30E15BAC9E3C} => C:\Users\Blue Star\Desktop\Games\A Wizard's Lizard\IGG-A.Wizards.Lizard.v2.6.0\nw.exe
Task: {590E6C34-F4FD-464D-A1A1-EE4810975D53} - System32\Tasks\{E134E7AB-4F06-4D5C-8DF5-F21B5C501748} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
Task: {759AFDE3-6229-4D15-B69C-83E9C25DBECD} - System32\Tasks\SafeZone scheduled Autoupdate 1465817825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {80AE46DC-4646-4558-93C9-6063137535AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-13] (AVAST Software)
Task: {A04C6B9E-BCE2-4938-9664-A0C99AC61F8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {B55F7557-C4E9-45EA-A8B6-C3BDF2C2C6CE} - System32\Tasks\{4DD4BA24-77AD-48A0-979A-F8948E2FEB3E} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 21:50 - 2016-08-31 21:50 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083103\algo.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blue Star\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CFB93514-D453-455F-A43B-1F13512E0F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A24D6BD-8AE4-47D7-AF0E-4D1A89916B9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A183672C-6DD2-4DB6-8D8C-D0932263CD32}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED46A8F4-8C57-4064-89CD-8D3F8D486FD5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{B5BD3502-14EC-4321-993E-FF702C8AA805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21F386E-5991-474F-AA2E-3F9E0C5F23FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F48507F5-CCA8-4399-879B-304F6BF1C797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E04BD1FA-A717-4795-94DB-B211491D8195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{254C46BD-2E26-4610-B663-89E2E657CBD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
17-08-2016 21:15:49 Language Pack Installation
25-08-2016 00:00:02 Scheduled Checkpoint
25-08-2016 01:53:12 Language Pack Installation
27-08-2016 15:17:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-08-2016 15:17:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-08-2016 16:51:21 Restore Operation
31-08-2016 17:36:57 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2016 10:45:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={11C6761C-F86A-4F4C-A2AD-94C81455F0B8}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 10:45:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A53B5DFB-5013-423C-B7D1-5DA5E3CD8170}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 10:17:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x484
Faulting application start time: 0x01d203c4b0bf51c5
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ef80a149-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:17:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 10:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x12c8
Faulting application start time: 0x01d203c49c996000
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dcbc8205-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:16:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0xb80
Faulting application start time: 0x01d203c48da3332b
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce5db567-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:16:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 07:31:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={061FD67F-B3AE-454A-980E-FD74D157714B}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 07:31:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={50624684-695F-4B97-8A3F-BCE8914BCC7C}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
System errors:
=============
Error: (08/31/2016 05:09:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (08/31/2016 05:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Updater Service service to connect.
Error: (08/31/2016 04:51:09 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (08/31/2016 04:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper55 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:50:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper44 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper33 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc4 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
CodeIntegrity:
===================================
Date: 2016-08-31 17:14:25.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 17:14:24.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 16:55:31.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 16:55:31.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:52:27.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:51:58.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:51:58.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:24:08.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:23:39.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:23:39.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 4061.18 MB
Available physical RAM: 2185.8 MB
Total Virtual: 8120.56 MB
Available Virtual: 6159.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:379.22 GB) NTFS
Drive d: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73423F78)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan no2:
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Blue Star (administrator) on BLUESTARPC (01-09-2016 02:21:20)
Running from C:\Users\Blue Star\Desktop
Loaded Profiles: Blue Star (Available Profiles: Blue Star)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Scarlet.Crush Productions) C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Betternet Technologies Inc.) C:\Program Files (x86)\Betternet\Betternet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{0F826E4C-9CD8-4E99-9125-FA37C0355C40}: [DhcpNameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{6572CBCD-7FD5-4D9A-B4EE-2FC5FF11B2AA}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{AAB4624F-3700-42E4-A848-FE7D450D5819}: [DhcpNameServer] 10.16.0.1
Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Adblock Plus) - C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 02:21 - 2016-09-01 02:21 - 00007904 _____ C:\Users\Blue Star\Desktop\FRST.txt
2016-09-01 02:21 - 2016-09-01 02:21 - 00000000 ____D C:\Users\Blue Star\Desktop\2nd scan
2016-09-01 02:20 - 2016-09-01 02:20 - 00000000 ____D C:\Users\Blue Star\Desktop\1st scan
2016-09-01 02:18 - 2016-09-01 02:21 - 00000000 ____D C:\FRST
2016-09-01 02:18 - 2016-09-01 02:18 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64(1).exe
2016-08-31 17:41 - 2016-08-31 17:41 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-08-31 17:40 - 2016-08-31 17:40 - 00000000 ____D C:\Users\Blue Star\Desktop\Malware
2016-08-31 17:39 - 2016-08-31 22:19 - 00000000 ____D C:\ProgramData\Betternet
2016-08-31 17:39 - 2016-08-31 17:39 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Betternet_Technologies_In
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Downloaded Installations
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-31 17:33 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2CA6.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2C29.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2D15.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2B0E.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw287D.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2BAB.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw291A.tmp
2016-08-31 17:32 - 2016-08-31 17:32 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-31 17:32 - 2016-08-31 17:32 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-31 17:32 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27EF.tmp
2016-08-31 17:32 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-08-31 17:29 - 2016-08-31 17:31 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Blue Star\Downloads\BetternetForWindows.exe
2016-08-31 17:21 - 2016-08-31 17:22 - 02397696 _____ (Farbar) C:\Users\Blue Star\Desktop\FRST64.exe
2016-08-31 17:15 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5440.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4E51.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5374.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw556A.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5036.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw525B.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw50B3.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4BA2.tmp
2016-08-31 16:48 - 2016-08-31 17:13 - 00000000 ____D C:\Program Files (x86)\Jerdickarotocult
2016-08-31 16:48 - 2016-08-31 16:48 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Drerferward
2016-08-31 15:27 - 2016-08-31 15:27 - 00000000 _____ C:\Users\Blue Star\Desktop\REMEMBER UNI DOC GATHERING.txt
2016-08-30 15:18 - 2016-08-30 15:18 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\Wayforward
2016-08-30 15:06 - 2016-08-31 16:54 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\IDM
2016-08-30 15:06 - 2016-08-31 16:52 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\DMCache
2016-08-30 15:06 - 2016-08-31 16:12 - 00000000 ____D C:\Users\Blue Star\Downloads\Compressed
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Users\Blue Star\Downloads\Video
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-30 15:05 - 2016-08-31 16:54 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-27 15:11 - 2016-08-27 15:13 - 00000000 ____D C:\Users\Blue Star\Desktop\New folder (2)
2016-08-25 11:45 - 2016-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 02:01 - 2016-08-31 17:20 - 00416098 _____ C:\Windows\system32\perfh011.dat
2016-08-25 02:01 - 2016-08-31 17:20 - 00121480 _____ C:\Windows\system32\perfc011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00141988 _____ C:\Windows\system32\perfi011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00031548 _____ C:\Windows\system32\perfd011.dat
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\0411
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\0411
2016-08-25 01:54 - 2010-11-20 05:27 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2016-08-25 01:54 - 2010-11-20 04:20 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2016-08-24 01:19 - 2016-08-24 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greed Corp
2016-08-24 01:18 - 2016-08-24 01:19 - 00000000 ____D C:\Program Files (x86)\Greed Corp
2016-08-17 21:23 - 2016-08-31 17:20 - 00723920 _____ C:\Windows\system32\perfh019.dat
2016-08-17 21:23 - 2016-08-31 17:20 - 00150222 _____ C:\Windows\system32\perfc019.dat
2016-08-17 21:23 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-08-17 21:23 - 2016-08-17 21:23 - 00000000 ____D C:\Windows\SysWOW64\ru
2016-08-17 21:23 - 2016-08-17 21:22 - 00336704 _____ C:\Windows\system32\perfi019.dat
2016-08-17 21:23 - 2016-08-17 21:22 - 00039446 _____ C:\Windows\system32\perfd019.dat
2016-08-17 21:22 - 2016-08-17 21:22 - 00000000 ____D C:\Windows\system32\ru
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-31 22:45 - 2016-05-10 19:15 - 00000000 ____D C:\Users\Blue Star\Desktop\Program Shortcuts
2016-08-31 22:44 - 2016-06-23 17:56 - 00001997 _____ C:\Users\Blue Star\Desktop\Security Risks.txt
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-31 17:33 - 2016-06-13 00:17 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-31 17:32 - 2016-06-13 01:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-31 17:32 - 2016-06-13 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-31 17:20 - 2009-07-14 07:13 - 01401878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 17:19 - 2016-06-23 20:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-31 17:16 - 2016-07-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-31 17:16 - 2016-06-23 22:32 - 00000000 ___SD C:\Users\Blue Star\AppData\LocalLow\Temp
2016-08-31 17:16 - 2016-06-13 13:37 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465817825
2016-08-31 17:16 - 2016-05-02 22:57 - 00000000 ____D C:\Users\Blue Star\Desktop\Games
2016-08-31 17:14 - 2016-05-02 05:01 - 00000000 ____D C:\Users\Blue Star
2016-08-31 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 17:13 - 2016-06-13 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-31 17:13 - 2016-06-13 01:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-31 17:13 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-27 15:12 - 2016-05-04 02:29 - 00000000 ____D C:\Users\Blue Star\Desktop\Recent Stuff
2016-08-27 15:11 - 2016-05-02 23:08 - 00000000 ____D C:\Users\Blue Star\Desktop\Unsorted
2016-08-27 15:02 - 2016-06-11 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-25 02:00 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-25 01:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-25 01:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-25 01:42 - 2016-07-05 01:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\A Wizard's Lizard
2016-08-15 18:59 - 2016-06-23 20:33 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU(85).TXT
Some files in TEMP:
====================
C:\Users\Blue Star\AppData\Local\Temp\ICReinstall_directx-11.0.exe
C:\Users\Blue Star\AppData\Local\Temp\SynciosTransfer.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-26 00:20
==================== End of FRST.txt ============================
Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Blue Star (01-09-2016 02:21:42)
Running from C:\Users\Blue Star\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-02 03:00:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2400238725-3887890787-1067688403-500 - Administrator - Disabled)
Blue Star (S-1-5-21-2400238725-3887890787-1067688403-1000 - Administrator - Enabled) => C:\Users\Blue Star
Guest (S-1-5-21-2400238725-3887890787-1067688403-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dustforce DX (HKLM-x32\...\Dustforce DX_is1) (Version: - )
Greed Corp (HKLM-x32\...\Greed Corp) (Version: - W!Games)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Overfall (HKLM-x32\...\1449227594_is1) (Version: 2.2.0.4 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
Planar Conquest (HKLM\...\cGxhbmFyY29ucXVlc3Q_is1) (Version: 1 - )
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Starbound (HKLM\...\c3RhcmJvdW5k_is1) (Version: 1 - )
Syncios Data Transfer version 1.3.3 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.3.3 - Anvsoft, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {464046DF-0939-4159-9223-89729F655D9C} - System32\Tasks\{C1816030-2044-43EE-ABAD-30E15BAC9E3C} => C:\Users\Blue Star\Desktop\Games\A Wizard's Lizard\IGG-A.Wizards.Lizard.v2.6.0\nw.exe
Task: {590E6C34-F4FD-464D-A1A1-EE4810975D53} - System32\Tasks\{E134E7AB-4F06-4D5C-8DF5-F21B5C501748} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
Task: {759AFDE3-6229-4D15-B69C-83E9C25DBECD} - System32\Tasks\SafeZone scheduled Autoupdate 1465817825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {80AE46DC-4646-4558-93C9-6063137535AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-13] (AVAST Software)
Task: {A04C6B9E-BCE2-4938-9664-A0C99AC61F8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {B55F7557-C4E9-45EA-A8B6-C3BDF2C2C6CE} - System32\Tasks\{4DD4BA24-77AD-48A0-979A-F8948E2FEB3E} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 21:50 - 2016-08-31 21:50 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083103\algo.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blue Star\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CFB93514-D453-455F-A43B-1F13512E0F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A24D6BD-8AE4-47D7-AF0E-4D1A89916B9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A183672C-6DD2-4DB6-8D8C-D0932263CD32}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED46A8F4-8C57-4064-89CD-8D3F8D486FD5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{B5BD3502-14EC-4321-993E-FF702C8AA805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21F386E-5991-474F-AA2E-3F9E0C5F23FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F48507F5-CCA8-4399-879B-304F6BF1C797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E04BD1FA-A717-4795-94DB-B211491D8195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{254C46BD-2E26-4610-B663-89E2E657CBD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
17-08-2016 21:15:49 Language Pack Installation
25-08-2016 00:00:02 Scheduled Checkpoint
25-08-2016 01:53:12 Language Pack Installation
27-08-2016 15:17:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-08-2016 15:17:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-08-2016 16:51:21 Restore Operation
31-08-2016 17:36:57 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2016 10:45:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={11C6761C-F86A-4F4C-A2AD-94C81455F0B8}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 10:45:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A53B5DFB-5013-423C-B7D1-5DA5E3CD8170}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 10:17:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x484
Faulting application start time: 0x01d203c4b0bf51c5
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ef80a149-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:17:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 10:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x12c8
Faulting application start time: 0x01d203c49c996000
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dcbc8205-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:16:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0xb80
Faulting application start time: 0x01d203c48da3332b
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce5db567-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:16:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 07:31:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={061FD67F-B3AE-454A-980E-FD74D157714B}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 07:31:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={50624684-695F-4B97-8A3F-BCE8914BCC7C}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
System errors:
=============
Error: (08/31/2016 05:09:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (08/31/2016 05:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Updater Service service to connect.
Error: (08/31/2016 04:51:09 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (08/31/2016 04:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper55 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:50:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper44 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper33 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc4 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
CodeIntegrity:
===================================
Date: 2016-08-31 17:14:25.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 17:14:24.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 16:55:31.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 16:55:31.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:52:27.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:51:58.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:51:58.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:24:08.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:23:39.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:23:39.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 4061.18 MB
Available physical RAM: 2167.77 MB
Total Virtual: 8120.56 MB
Available Virtual: 6127.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:379.22 GB) NTFS
Drive d: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73423F78)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan no3:
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Blue Star (administrator) on BLUESTARPC (01-09-2016 02:30:56)
Running from C:\Users\Blue Star\Desktop
Loaded Profiles: Blue Star (Available Profiles: Blue Star)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Scarlet.Crush Productions) C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Betternet Technologies Inc.) C:\Program Files (x86)\Betternet\Betternet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{0F826E4C-9CD8-4E99-9125-FA37C0355C40}: [DhcpNameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{6572CBCD-7FD5-4D9A-B4EE-2FC5FF11B2AA}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{AAB4624F-3700-42E4-A848-FE7D450D5819}: [DhcpNameServer] 10.16.0.1
Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Adblock Plus) - C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 02:30 - 2016-09-01 02:31 - 00007904 _____ C:\Users\Blue Star\Desktop\FRST.txt
2016-09-01 02:21 - 2016-09-01 02:22 - 00000000 ____D C:\Users\Blue Star\Desktop\2nd scan
2016-09-01 02:20 - 2016-09-01 02:20 - 00000000 ____D C:\Users\Blue Star\Desktop\1st scan
2016-09-01 02:18 - 2016-09-01 02:30 - 00000000 ____D C:\FRST
2016-09-01 02:18 - 2016-09-01 02:18 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64(1).exe
2016-08-31 17:41 - 2016-08-31 17:41 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-08-31 17:40 - 2016-08-31 17:40 - 00000000 ____D C:\Users\Blue Star\Desktop\Malware
2016-08-31 17:39 - 2016-08-31 22:19 - 00000000 ____D C:\ProgramData\Betternet
2016-08-31 17:39 - 2016-08-31 17:39 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Betternet_Technologies_In
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Downloaded Installations
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-31 17:33 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2CA6.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2C29.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2D15.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2B0E.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw287D.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2BAB.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw291A.tmp
2016-08-31 17:32 - 2016-08-31 17:32 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-31 17:32 - 2016-08-31 17:32 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-31 17:32 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27EF.tmp
2016-08-31 17:32 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-08-31 17:29 - 2016-08-31 17:31 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Blue Star\Downloads\BetternetForWindows.exe
2016-08-31 17:21 - 2016-08-31 17:22 - 02397696 _____ (Farbar) C:\Users\Blue Star\Desktop\FRST64.exe
2016-08-31 17:15 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5440.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4E51.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5374.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw556A.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5036.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw525B.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw50B3.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4BA2.tmp
2016-08-31 16:48 - 2016-08-31 17:13 - 00000000 ____D C:\Program Files (x86)\Jerdickarotocult
2016-08-31 16:48 - 2016-08-31 16:48 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Drerferward
2016-08-31 15:27 - 2016-08-31 15:27 - 00000000 _____ C:\Users\Blue Star\Desktop\REMEMBER UNI DOC GATHERING.txt
2016-08-30 15:18 - 2016-08-30 15:18 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\Wayforward
2016-08-30 15:06 - 2016-08-31 16:54 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\IDM
2016-08-30 15:06 - 2016-08-31 16:52 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\DMCache
2016-08-30 15:06 - 2016-08-31 16:12 - 00000000 ____D C:\Users\Blue Star\Downloads\Compressed
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Users\Blue Star\Downloads\Video
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-30 15:05 - 2016-08-31 16:54 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-27 15:11 - 2016-08-27 15:13 - 00000000 ____D C:\Users\Blue Star\Desktop\New folder (2)
2016-08-25 11:45 - 2016-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 02:01 - 2016-08-31 17:20 - 00416098 _____ C:\Windows\system32\perfh011.dat
2016-08-25 02:01 - 2016-08-31 17:20 - 00121480 _____ C:\Windows\system32\perfc011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00141988 _____ C:\Windows\system32\perfi011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00031548 _____ C:\Windows\system32\perfd011.dat
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\0411
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\0411
2016-08-25 01:54 - 2010-11-20 05:27 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2016-08-25 01:54 - 2010-11-20 04:20 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2016-08-24 01:19 - 2016-08-24 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greed Corp
2016-08-24 01:18 - 2016-08-24 01:19 - 00000000 ____D C:\Program Files (x86)\Greed Corp
2016-08-17 21:23 - 2016-08-31 17:20 - 00723920 _____ C:\Windows\system32\perfh019.dat
2016-08-17 21:23 - 2016-08-31 17:20 - 00150222 _____ C:\Windows\system32\perfc019.dat
2016-08-17 21:23 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-08-17 21:23 - 2016-08-17 21:23 - 00000000 ____D C:\Windows\SysWOW64\ru
2016-08-17 21:23 - 2016-08-17 21:22 - 00336704 _____ C:\Windows\system32\perfi019.dat
2016-08-17 21:23 - 2016-08-17 21:22 - 00039446 _____ C:\Windows\system32\perfd019.dat
2016-08-17 21:22 - 2016-08-17 21:22 - 00000000 ____D C:\Windows\system32\ru
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-31 22:45 - 2016-05-10 19:15 - 00000000 ____D C:\Users\Blue Star\Desktop\Program Shortcuts
2016-08-31 22:44 - 2016-06-23 17:56 - 00001997 _____ C:\Users\Blue Star\Desktop\Security Risks.txt
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-31 17:33 - 2016-06-13 00:17 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-31 17:32 - 2016-06-13 01:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-31 17:32 - 2016-06-13 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-31 17:20 - 2009-07-14 07:13 - 01401878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 17:19 - 2016-06-23 20:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-31 17:16 - 2016-07-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-31 17:16 - 2016-06-23 22:32 - 00000000 ___SD C:\Users\Blue Star\AppData\LocalLow\Temp
2016-08-31 17:16 - 2016-06-13 13:37 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465817825
2016-08-31 17:16 - 2016-05-02 22:57 - 00000000 ____D C:\Users\Blue Star\Desktop\Games
2016-08-31 17:14 - 2016-05-02 05:01 - 00000000 ____D C:\Users\Blue Star
2016-08-31 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 17:13 - 2016-06-13 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-31 17:13 - 2016-06-13 01:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-31 17:13 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-27 15:12 - 2016-05-04 02:29 - 00000000 ____D C:\Users\Blue Star\Desktop\Recent Stuff
2016-08-27 15:11 - 2016-05-02 23:08 - 00000000 ____D C:\Users\Blue Star\Desktop\Unsorted
2016-08-27 15:02 - 2016-06-11 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-25 02:00 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-25 01:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-25 01:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-25 01:42 - 2016-07-05 01:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\A Wizard's Lizard
2016-08-15 18:59 - 2016-06-23 20:33 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU(85).TXT
Some files in TEMP:
====================
C:\Users\Blue Star\AppData\Local\Temp\ICReinstall_directx-11.0.exe
C:\Users\Blue Star\AppData\Local\Temp\SynciosTransfer.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-26 00:20
==================== End of FRST.txt ============================
Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Blue Star (01-09-2016 02:31:18)
Running from C:\Users\Blue Star\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-02 03:00:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2400238725-3887890787-1067688403-500 - Administrator - Disabled)
Blue Star (S-1-5-21-2400238725-3887890787-1067688403-1000 - Administrator - Enabled) => C:\Users\Blue Star
Guest (S-1-5-21-2400238725-3887890787-1067688403-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dustforce DX (HKLM-x32\...\Dustforce DX_is1) (Version: - )
Greed Corp (HKLM-x32\...\Greed Corp) (Version: - W!Games)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Overfall (HKLM-x32\...\1449227594_is1) (Version: 2.2.0.4 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
Planar Conquest (HKLM\...\cGxhbmFyY29ucXVlc3Q_is1) (Version: 1 - )
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Starbound (HKLM\...\c3RhcmJvdW5k_is1) (Version: 1 - )
Syncios Data Transfer version 1.3.3 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.3.3 - Anvsoft, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {464046DF-0939-4159-9223-89729F655D9C} - System32\Tasks\{C1816030-2044-43EE-ABAD-30E15BAC9E3C} => C:\Users\Blue Star\Desktop\Games\A Wizard's Lizard\IGG-A.Wizards.Lizard.v2.6.0\nw.exe
Task: {590E6C34-F4FD-464D-A1A1-EE4810975D53} - System32\Tasks\{E134E7AB-4F06-4D5C-8DF5-F21B5C501748} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
Task: {759AFDE3-6229-4D15-B69C-83E9C25DBECD} - System32\Tasks\SafeZone scheduled Autoupdate 1465817825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {80AE46DC-4646-4558-93C9-6063137535AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-13] (AVAST Software)
Task: {A04C6B9E-BCE2-4938-9664-A0C99AC61F8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {B55F7557-C4E9-45EA-A8B6-C3BDF2C2C6CE} - System32\Tasks\{4DD4BA24-77AD-48A0-979A-F8948E2FEB3E} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 21:50 - 2016-08-31 21:50 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083103\algo.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blue Star\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CFB93514-D453-455F-A43B-1F13512E0F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A24D6BD-8AE4-47D7-AF0E-4D1A89916B9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A183672C-6DD2-4DB6-8D8C-D0932263CD32}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED46A8F4-8C57-4064-89CD-8D3F8D486FD5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{B5BD3502-14EC-4321-993E-FF702C8AA805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21F386E-5991-474F-AA2E-3F9E0C5F23FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F48507F5-CCA8-4399-879B-304F6BF1C797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E04BD1FA-A717-4795-94DB-B211491D8195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{254C46BD-2E26-4610-B663-89E2E657CBD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
17-08-2016 21:15:49 Language Pack Installation
25-08-2016 00:00:02 Scheduled Checkpoint
25-08-2016 01:53:12 Language Pack Installation
27-08-2016 15:17:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-08-2016 15:17:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-08-2016 16:51:21 Restore Operation
31-08-2016 17:36:57 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2016 10:45:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={11C6761C-F86A-4F4C-A2AD-94C81455F0B8}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 10:45:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A53B5DFB-5013-423C-B7D1-5DA5E3CD8170}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 10:17:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x484
Faulting application start time: 0x01d203c4b0bf51c5
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ef80a149-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:17:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 10:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x12c8
Faulting application start time: 0x01d203c49c996000
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dcbc8205-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:16:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0xb80
Faulting application start time: 0x01d203c48da3332b
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce5db567-6fb7-11e6-9bf4-00248185dba3
Error: (08/31/2016 10:16:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (08/31/2016 07:31:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={061FD67F-B3AE-454A-980E-FD74D157714B}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (08/31/2016 07:31:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={50624684-695F-4B97-8A3F-BCE8914BCC7C}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
System errors:
=============
Error: (08/31/2016 05:09:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (08/31/2016 05:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Updater Service service to connect.
Error: (08/31/2016 04:51:09 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (08/31/2016 04:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper55 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:50:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper44 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper33 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (08/31/2016 04:49:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc4 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
CodeIntegrity:
===================================
Date: 2016-08-31 17:14:25.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 17:14:24.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 16:55:31.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 16:55:31.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:52:27.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:51:58.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:51:58.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:24:08.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:23:39.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 15:23:39.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 47%
Total physical RAM: 4061.18 MB
Available physical RAM: 2142.24 MB
Total Virtual: 8120.56 MB
Available Virtual: 6111.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:379.22 GB) NTFS
Drive d: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73423F78)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================