Concerns about malware from " _q_idm 6 "



#1
Fwgfd

    New Member

  • Member
  • 9 posts

I wanted to install IDM on a new computer but didn't know where I had put my serial key. So I went for a crack. Bad idea.

I went to the link "http://www.idm-crack..." and followed the following steps:


1: Clicked Download: Mirror Link
2: Clicked "Download Crack + Setup"
3: Started Executable
4: Saw shitware and clicked close in bottom left corner
5: Some tab came up which I closed without reading. I fear that it said that if you click close without unchecking shitware in install it installs said shitware.
6: I wanted to run the executable but now my avast was stopping me. I turned it off for a bit in order to run the executable but had second thoughts, cancelled and ran a system restore.
7: Tried again, had second thoughts again. Ran another system restore.

After running the executable some shitware search engine and some other site were opened up in my browser.
Since then I haven't noticed anything wrong, but it has only been a few hours.

First off, can someone tell me what the damage is? Maybe someone could tell me what the message I didn't read said (by running " _q_idm 6 " for me, with the appropriate precautions of course). With luck it might have said that it WON'T install the shitware, but I have my doubts about that.

(My OS is Windows 7 64bit in case anyone wants to know)


My gratitude in advance and apologies for any impositions.

 


Edited by Fwgfd, 31 August 2016 - 02:35 PM.



#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

I'll check for malware. I can't assist on crack ware, so uninstall anything related to it; uninstall any P2P programs too (Utorrent, bit torrent, my torrent, etc.).

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
Fwgfd

    New Member

  • Topic Starter
  • Member
  • 9 posts

Thank you very much, your assistance is much appreciated.

"I'll check for Malware, I can't assist on crack ware so uninstall anything related to it, uninstall any P2P programs too Utorrent, bit torrent, my torrent etc"

Well, I didn't go through with installing the crack, but the crack is the source of any potential malware.

The first time I ran the scan I tried to close it during the scan since I felt like placing it on my desktop first. And so I ran it again afterwards. However, I forgot to run as administrator, so I ran it yet again. All three scans are here (I highly doubt there was any use in posting more than the third one, but I felt like being thorough):

Scan no1:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Blue Star (administrator) on BLUESTARPC (01-09-2016 02:19:16)
Running from C:\Users\Blue Star\Downloads
Loaded Profiles: Blue Star (Available Profiles: Blue Star)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Scarlet.Crush Productions) C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Betternet Technologies Inc.) C:\Program Files (x86)\Betternet\Betternet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{0F826E4C-9CD8-4E99-9125-FA37C0355C40}: [DhcpNameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{6572CBCD-7FD5-4D9A-B4EE-2FC5FF11B2AA}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{AAB4624F-3700-42E4-A848-FE7D450D5819}: [DhcpNameServer] 10.16.0.1

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Adblock Plus) - C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 02:19 - 2016-09-01 02:19 - 00007792 _____ C:\Users\Blue Star\Downloads\FRST.txt
2016-09-01 02:18 - 2016-09-01 02:19 - 00000000 ____D C:\FRST
2016-09-01 02:18 - 2016-09-01 02:18 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64(1).exe
2016-08-31 17:41 - 2016-08-31 17:41 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-08-31 17:40 - 2016-08-31 17:40 - 00000000 ____D C:\Users\Blue Star\Desktop\Malware
2016-08-31 17:39 - 2016-08-31 22:19 - 00000000 ____D C:\ProgramData\Betternet
2016-08-31 17:39 - 2016-08-31 17:39 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Betternet_Technologies_In
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Downloaded Installations
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-31 17:33 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2CA6.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2C29.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2D15.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2B0E.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw287D.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2BAB.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw291A.tmp
2016-08-31 17:32 - 2016-08-31 17:32 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-31 17:32 - 2016-08-31 17:32 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-31 17:32 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27EF.tmp
2016-08-31 17:32 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-08-31 17:29 - 2016-08-31 17:31 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Blue Star\Downloads\BetternetForWindows.exe
2016-08-31 17:21 - 2016-08-31 17:22 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64.exe
2016-08-31 17:15 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5440.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4E51.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5374.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw556A.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5036.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw525B.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw50B3.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4BA2.tmp
2016-08-31 16:48 - 2016-08-31 17:13 - 00000000 ____D C:\Program Files (x86)\Jerdickarotocult
2016-08-31 16:48 - 2016-08-31 16:48 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Drerferward
2016-08-31 15:27 - 2016-08-31 15:27 - 00000000 _____ C:\Users\Blue Star\Desktop\REMEMBER UNI DOC GATHERING.txt
2016-08-30 15:18 - 2016-08-30 15:18 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\Wayforward
2016-08-30 15:06 - 2016-08-31 16:54 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\IDM
2016-08-30 15:06 - 2016-08-31 16:52 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\DMCache
2016-08-30 15:06 - 2016-08-31 16:12 - 00000000 ____D C:\Users\Blue Star\Downloads\Compressed
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Users\Blue Star\Downloads\Video
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-30 15:05 - 2016-08-31 16:54 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-27 15:11 - 2016-08-27 15:13 - 00000000 ____D C:\Users\Blue Star\Desktop\New folder (2)
2016-08-25 11:45 - 2016-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 02:01 - 2016-08-31 17:20 - 00416098 _____ C:\Windows\system32\perfh011.dat
2016-08-25 02:01 - 2016-08-31 17:20 - 00121480 _____ C:\Windows\system32\perfc011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00141988 _____ C:\Windows\system32\perfi011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00031548 _____ C:\Windows\system32\perfd011.dat
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\0411
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\0411
2016-08-25 01:54 - 2010-11-20 05:27 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2016-08-25 01:54 - 2010-11-20 04:20 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2016-08-24 01:19 - 2016-08-24 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greed Corp
2016-08-24 01:18 - 2016-08-24 01:19 - 00000000 ____D C:\Program Files (x86)\Greed Corp
2016-08-17 21:23 - 2016-08-31 17:20 - 00723920 _____ C:\Windows\system32\perfh019.dat
2016-08-17 21:23 - 2016-08-31 17:20 - 00150222 _____ C:\Windows\system32\perfc019.dat
2016-08-17 21:23 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-08-17 21:23 - 2016-08-17 21:23 - 00000000 ____D C:\Windows\SysWOW64\ru
2016-08-17 21:23 - 2016-08-17 21:22 - 00336704 _____ C:\Windows\system32\perfi019.dat
2016-08-17 21:23 - 2016-08-17 21:22 - 00039446 _____ C:\Windows\system32\perfd019.dat
2016-08-17 21:22 - 2016-08-17 21:22 - 00000000 ____D C:\Windows\system32\ru

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 22:45 - 2016-05-10 19:15 - 00000000 ____D C:\Users\Blue Star\Desktop\Program Shortcuts
2016-08-31 22:44 - 2016-06-23 17:56 - 00001997 _____ C:\Users\Blue Star\Desktop\Security Risks.txt
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-31 17:33 - 2016-06-13 00:17 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-31 17:32 - 2016-06-13 01:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-31 17:32 - 2016-06-13 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-31 17:20 - 2009-07-14 07:13 - 01401878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 17:19 - 2016-06-23 20:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-31 17:16 - 2016-07-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-31 17:16 - 2016-06-23 22:32 - 00000000 ___SD C:\Users\Blue Star\AppData\LocalLow\Temp
2016-08-31 17:16 - 2016-06-13 13:37 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465817825
2016-08-31 17:16 - 2016-05-02 22:57 - 00000000 ____D C:\Users\Blue Star\Desktop\Games
2016-08-31 17:14 - 2016-05-02 05:01 - 00000000 ____D C:\Users\Blue Star
2016-08-31 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 17:13 - 2016-06-13 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-31 17:13 - 2016-06-13 01:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-31 17:13 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-27 15:12 - 2016-05-04 02:29 - 00000000 ____D C:\Users\Blue Star\Desktop\Recent Stuff
2016-08-27 15:11 - 2016-05-02 23:08 - 00000000 ____D C:\Users\Blue Star\Desktop\Unsorted
2016-08-27 15:02 - 2016-06-11 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-25 02:00 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-25 01:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-25 01:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-25 01:42 - 2016-07-05 01:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\A Wizard's Lizard
2016-08-15 18:59 - 2016-06-23 20:33 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU(85).TXT

Some files in TEMP:
====================
C:\Users\Blue Star\AppData\Local\Temp\ICReinstall_directx-11.0.exe
C:\Users\Blue Star\AppData\Local\Temp\SynciosTransfer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-26 00:20

==================== End of FRST.txt ============================

 

Addition text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Blue Star (01-09-2016 02:19:53)
Running from C:\Users\Blue Star\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-02 03:00:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2400238725-3887890787-1067688403-500 - Administrator - Disabled)
Blue Star (S-1-5-21-2400238725-3887890787-1067688403-1000 - Administrator - Enabled) => C:\Users\Blue Star
Guest (S-1-5-21-2400238725-3887890787-1067688403-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dustforce DX (HKLM-x32\...\Dustforce DX_is1) (Version:  - )
Greed Corp (HKLM-x32\...\Greed Corp) (Version:  - W!Games)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Overfall (HKLM-x32\...\1449227594_is1) (Version: 2.2.0.4 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Planar Conquest (HKLM\...\cGxhbmFyY29ucXVlc3Q_is1) (Version: 1 - )
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Starbound (HKLM\...\c3RhcmJvdW5k_is1) (Version: 1 - )
Syncios Data Transfer version 1.3.3 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.3.3 - Anvsoft, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {464046DF-0939-4159-9223-89729F655D9C} - System32\Tasks\{C1816030-2044-43EE-ABAD-30E15BAC9E3C} => C:\Users\Blue Star\Desktop\Games\A Wizard's Lizard\IGG-A.Wizards.Lizard.v2.6.0\nw.exe
Task: {590E6C34-F4FD-464D-A1A1-EE4810975D53} - System32\Tasks\{E134E7AB-4F06-4D5C-8DF5-F21B5C501748} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
Task: {759AFDE3-6229-4D15-B69C-83E9C25DBECD} - System32\Tasks\SafeZone scheduled Autoupdate 1465817825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {80AE46DC-4646-4558-93C9-6063137535AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-13] (AVAST Software)
Task: {A04C6B9E-BCE2-4938-9664-A0C99AC61F8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {B55F7557-C4E9-45EA-A8B6-C3BDF2C2C6CE} - System32\Tasks\{4DD4BA24-77AD-48A0-979A-F8948E2FEB3E} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 21:50 - 2016-08-31 21:50 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083103\algo.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blue Star\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFB93514-D453-455F-A43B-1F13512E0F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A24D6BD-8AE4-47D7-AF0E-4D1A89916B9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A183672C-6DD2-4DB6-8D8C-D0932263CD32}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED46A8F4-8C57-4064-89CD-8D3F8D486FD5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{B5BD3502-14EC-4321-993E-FF702C8AA805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21F386E-5991-474F-AA2E-3F9E0C5F23FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F48507F5-CCA8-4399-879B-304F6BF1C797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E04BD1FA-A717-4795-94DB-B211491D8195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{254C46BD-2E26-4610-B663-89E2E657CBD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

17-08-2016 21:15:49 Language Pack Installation
25-08-2016 00:00:02 Scheduled Checkpoint
25-08-2016 01:53:12 Language Pack Installation
27-08-2016 15:17:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-08-2016 15:17:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-08-2016 16:51:21 Restore Operation
31-08-2016 17:36:57 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2016 10:45:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={11C6761C-F86A-4F4C-A2AD-94C81455F0B8}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 10:45:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A53B5DFB-5013-423C-B7D1-5DA5E3CD8170}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 10:17:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x484
Faulting application start time: 0x01d203c4b0bf51c5
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ef80a149-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:17:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 10:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x12c8
Faulting application start time: 0x01d203c49c996000
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dcbc8205-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:16:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0xb80
Faulting application start time: 0x01d203c48da3332b
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce5db567-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:16:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 07:31:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={061FD67F-B3AE-454A-980E-FD74D157714B}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 07:31:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={50624684-695F-4B97-8A3F-BCE8914BCC7C}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.


System errors:
=============
Error: (08/31/2016 05:09:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (08/31/2016 05:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Updater Service service to connect.

Error: (08/31/2016 04:51:09 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (08/31/2016 04:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper55 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:50:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper44 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper33 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc5 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc4 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


CodeIntegrity:
===================================
  Date: 2016-08-31 17:14:25.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 17:14:24.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 16:55:31.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 16:55:31.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:52:27.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:51:58.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:51:58.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:24:08.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:23:39.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:23:39.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 4061.18 MB
Available physical RAM: 2185.8 MB
Total Virtual: 8120.56 MB
Available Virtual: 6159.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:379.22 GB) NTFS
Drive d: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73423F78)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan no2:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Blue Star (administrator) on BLUESTARPC (01-09-2016 02:21:20)
Running from C:\Users\Blue Star\Desktop
Loaded Profiles: Blue Star (Available Profiles: Blue Star)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Scarlet.Crush Productions) C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Betternet Technologies Inc.) C:\Program Files (x86)\Betternet\Betternet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{0F826E4C-9CD8-4E99-9125-FA37C0355C40}: [DhcpNameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{6572CBCD-7FD5-4D9A-B4EE-2FC5FF11B2AA}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{AAB4624F-3700-42E4-A848-FE7D450D5819}: [DhcpNameServer] 10.16.0.1

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Adblock Plus) - C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 02:21 - 2016-09-01 02:21 - 00007904 _____ C:\Users\Blue Star\Desktop\FRST.txt
2016-09-01 02:21 - 2016-09-01 02:21 - 00000000 ____D C:\Users\Blue Star\Desktop\2nd scan
2016-09-01 02:20 - 2016-09-01 02:20 - 00000000 ____D C:\Users\Blue Star\Desktop\1st scan
2016-09-01 02:18 - 2016-09-01 02:21 - 00000000 ____D C:\FRST
2016-09-01 02:18 - 2016-09-01 02:18 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64(1).exe
2016-08-31 17:41 - 2016-08-31 17:41 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-08-31 17:40 - 2016-08-31 17:40 - 00000000 ____D C:\Users\Blue Star\Desktop\Malware
2016-08-31 17:39 - 2016-08-31 22:19 - 00000000 ____D C:\ProgramData\Betternet
2016-08-31 17:39 - 2016-08-31 17:39 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Betternet_Technologies_In
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Downloaded Installations
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-31 17:33 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2CA6.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2C29.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2D15.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2B0E.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw287D.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2BAB.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw291A.tmp
2016-08-31 17:32 - 2016-08-31 17:32 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-31 17:32 - 2016-08-31 17:32 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-31 17:32 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27EF.tmp
2016-08-31 17:32 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-08-31 17:29 - 2016-08-31 17:31 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Blue Star\Downloads\BetternetForWindows.exe
2016-08-31 17:21 - 2016-08-31 17:22 - 02397696 _____ (Farbar) C:\Users\Blue Star\Desktop\FRST64.exe
2016-08-31 17:15 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5440.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4E51.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5374.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw556A.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5036.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw525B.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw50B3.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4BA2.tmp
2016-08-31 16:48 - 2016-08-31 17:13 - 00000000 ____D C:\Program Files (x86)\Jerdickarotocult
2016-08-31 16:48 - 2016-08-31 16:48 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Drerferward
2016-08-31 15:27 - 2016-08-31 15:27 - 00000000 _____ C:\Users\Blue Star\Desktop\REMEMBER UNI DOC GATHERING.txt
2016-08-30 15:18 - 2016-08-30 15:18 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\Wayforward
2016-08-30 15:06 - 2016-08-31 16:54 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\IDM
2016-08-30 15:06 - 2016-08-31 16:52 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\DMCache
2016-08-30 15:06 - 2016-08-31 16:12 - 00000000 ____D C:\Users\Blue Star\Downloads\Compressed
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Users\Blue Star\Downloads\Video
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-30 15:05 - 2016-08-31 16:54 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-27 15:11 - 2016-08-27 15:13 - 00000000 ____D C:\Users\Blue Star\Desktop\New folder (2)
2016-08-25 11:45 - 2016-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 02:01 - 2016-08-31 17:20 - 00416098 _____ C:\Windows\system32\perfh011.dat
2016-08-25 02:01 - 2016-08-31 17:20 - 00121480 _____ C:\Windows\system32\perfc011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00141988 _____ C:\Windows\system32\perfi011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00031548 _____ C:\Windows\system32\perfd011.dat
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\0411
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\0411
2016-08-25 01:54 - 2010-11-20 05:27 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2016-08-25 01:54 - 2010-11-20 04:20 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2016-08-24 01:19 - 2016-08-24 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greed Corp
2016-08-24 01:18 - 2016-08-24 01:19 - 00000000 ____D C:\Program Files (x86)\Greed Corp
2016-08-17 21:23 - 2016-08-31 17:20 - 00723920 _____ C:\Windows\system32\perfh019.dat
2016-08-17 21:23 - 2016-08-31 17:20 - 00150222 _____ C:\Windows\system32\perfc019.dat
2016-08-17 21:23 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-08-17 21:23 - 2016-08-17 21:23 - 00000000 ____D C:\Windows\SysWOW64\ru
2016-08-17 21:23 - 2016-08-17 21:22 - 00336704 _____ C:\Windows\system32\perfi019.dat
2016-08-17 21:23 - 2016-08-17 21:22 - 00039446 _____ C:\Windows\system32\perfd019.dat
2016-08-17 21:22 - 2016-08-17 21:22 - 00000000 ____D C:\Windows\system32\ru

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 22:45 - 2016-05-10 19:15 - 00000000 ____D C:\Users\Blue Star\Desktop\Program Shortcuts
2016-08-31 22:44 - 2016-06-23 17:56 - 00001997 _____ C:\Users\Blue Star\Desktop\Security Risks.txt
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-31 17:33 - 2016-06-13 00:17 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-31 17:32 - 2016-06-13 01:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-31 17:32 - 2016-06-13 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-31 17:20 - 2009-07-14 07:13 - 01401878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 17:19 - 2016-06-23 20:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-31 17:16 - 2016-07-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-31 17:16 - 2016-06-23 22:32 - 00000000 ___SD C:\Users\Blue Star\AppData\LocalLow\Temp
2016-08-31 17:16 - 2016-06-13 13:37 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465817825
2016-08-31 17:16 - 2016-05-02 22:57 - 00000000 ____D C:\Users\Blue Star\Desktop\Games
2016-08-31 17:14 - 2016-05-02 05:01 - 00000000 ____D C:\Users\Blue Star
2016-08-31 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 17:13 - 2016-06-13 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-31 17:13 - 2016-06-13 01:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-31 17:13 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-27 15:12 - 2016-05-04 02:29 - 00000000 ____D C:\Users\Blue Star\Desktop\Recent Stuff
2016-08-27 15:11 - 2016-05-02 23:08 - 00000000 ____D C:\Users\Blue Star\Desktop\Unsorted
2016-08-27 15:02 - 2016-06-11 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-25 02:00 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-25 01:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-25 01:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-25 01:42 - 2016-07-05 01:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\A Wizard's Lizard
2016-08-15 18:59 - 2016-06-23 20:33 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU(85).TXT

Some files in TEMP:
====================
C:\Users\Blue Star\AppData\Local\Temp\ICReinstall_directx-11.0.exe
C:\Users\Blue Star\AppData\Local\Temp\SynciosTransfer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-26 00:20

==================== End of FRST.txt ============================

Addition text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Blue Star (01-09-2016 02:21:42)
Running from C:\Users\Blue Star\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-02 03:00:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2400238725-3887890787-1067688403-500 - Administrator - Disabled)
Blue Star (S-1-5-21-2400238725-3887890787-1067688403-1000 - Administrator - Enabled) => C:\Users\Blue Star
Guest (S-1-5-21-2400238725-3887890787-1067688403-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dustforce DX (HKLM-x32\...\Dustforce DX_is1) (Version:  - )
Greed Corp (HKLM-x32\...\Greed Corp) (Version:  - W!Games)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Overfall (HKLM-x32\...\1449227594_is1) (Version: 2.2.0.4 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Planar Conquest (HKLM\...\cGxhbmFyY29ucXVlc3Q_is1) (Version: 1 - )
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Starbound (HKLM\...\c3RhcmJvdW5k_is1) (Version: 1 - )
Syncios Data Transfer version 1.3.3 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.3.3 - Anvsoft, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {464046DF-0939-4159-9223-89729F655D9C} - System32\Tasks\{C1816030-2044-43EE-ABAD-30E15BAC9E3C} => C:\Users\Blue Star\Desktop\Games\A Wizard's Lizard\IGG-A.Wizards.Lizard.v2.6.0\nw.exe
Task: {590E6C34-F4FD-464D-A1A1-EE4810975D53} - System32\Tasks\{E134E7AB-4F06-4D5C-8DF5-F21B5C501748} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
Task: {759AFDE3-6229-4D15-B69C-83E9C25DBECD} - System32\Tasks\SafeZone scheduled Autoupdate 1465817825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {80AE46DC-4646-4558-93C9-6063137535AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-13] (AVAST Software)
Task: {A04C6B9E-BCE2-4938-9664-A0C99AC61F8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {B55F7557-C4E9-45EA-A8B6-C3BDF2C2C6CE} - System32\Tasks\{4DD4BA24-77AD-48A0-979A-F8948E2FEB3E} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 21:50 - 2016-08-31 21:50 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083103\algo.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blue Star\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFB93514-D453-455F-A43B-1F13512E0F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A24D6BD-8AE4-47D7-AF0E-4D1A89916B9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A183672C-6DD2-4DB6-8D8C-D0932263CD32}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED46A8F4-8C57-4064-89CD-8D3F8D486FD5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{B5BD3502-14EC-4321-993E-FF702C8AA805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21F386E-5991-474F-AA2E-3F9E0C5F23FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F48507F5-CCA8-4399-879B-304F6BF1C797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E04BD1FA-A717-4795-94DB-B211491D8195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{254C46BD-2E26-4610-B663-89E2E657CBD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

17-08-2016 21:15:49 Language Pack Installation
25-08-2016 00:00:02 Scheduled Checkpoint
25-08-2016 01:53:12 Language Pack Installation
27-08-2016 15:17:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-08-2016 15:17:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-08-2016 16:51:21 Restore Operation
31-08-2016 17:36:57 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2016 10:45:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={11C6761C-F86A-4F4C-A2AD-94C81455F0B8}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 10:45:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A53B5DFB-5013-423C-B7D1-5DA5E3CD8170}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 10:17:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x484
Faulting application start time: 0x01d203c4b0bf51c5
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ef80a149-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:17:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 10:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x12c8
Faulting application start time: 0x01d203c49c996000
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dcbc8205-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:16:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0xb80
Faulting application start time: 0x01d203c48da3332b
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce5db567-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:16:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 07:31:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={061FD67F-B3AE-454A-980E-FD74D157714B}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 07:31:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={50624684-695F-4B97-8A3F-BCE8914BCC7C}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.


System errors:
=============
Error: (08/31/2016 05:09:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (08/31/2016 05:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Updater Service service to connect.

Error: (08/31/2016 04:51:09 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (08/31/2016 04:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper55 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:50:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper44 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper33 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc5 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc4 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


CodeIntegrity:
===================================
  Date: 2016-08-31 17:14:25.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 17:14:24.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 16:55:31.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 16:55:31.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:52:27.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:51:58.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:51:58.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:24:08.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:23:39.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:23:39.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 4061.18 MB
Available physical RAM: 2167.77 MB
Total Virtual: 8120.56 MB
Available Virtual: 6127.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:379.22 GB) NTFS
Drive d: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73423F78)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan no3:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Blue Star (administrator) on BLUESTARPC (01-09-2016 02:30:56)
Running from C:\Users\Blue Star\Desktop
Loaded Profiles: Blue Star (Available Profiles: Blue Star)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Scarlet.Crush Productions) C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Betternet Technologies Inc.) C:\Program Files (x86)\Betternet\Betternet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{0F826E4C-9CD8-4E99-9125-FA37C0355C40}: [DhcpNameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{6572CBCD-7FD5-4D9A-B4EE-2FC5FF11B2AA}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{AAB4624F-3700-42E4-A848-FE7D450D5819}: [DhcpNameServer] 10.16.0.1

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Adblock Plus) - C:\Users\Blue Star\AppData\Roaming\Mozilla\Firefox\Profiles\5p0c8cw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Users\Blue Star\Desktop\Recent Stuff\SCP Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 02:30 - 2016-09-01 02:31 - 00007904 _____ C:\Users\Blue Star\Desktop\FRST.txt
2016-09-01 02:21 - 2016-09-01 02:22 - 00000000 ____D C:\Users\Blue Star\Desktop\2nd scan
2016-09-01 02:20 - 2016-09-01 02:20 - 00000000 ____D C:\Users\Blue Star\Desktop\1st scan
2016-09-01 02:18 - 2016-09-01 02:30 - 00000000 ____D C:\FRST
2016-09-01 02:18 - 2016-09-01 02:18 - 02397696 _____ (Farbar) C:\Users\Blue Star\Downloads\FRST64(1).exe
2016-08-31 17:41 - 2016-08-31 17:41 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-08-31 17:40 - 2016-08-31 17:40 - 00000000 ____D C:\Users\Blue Star\Desktop\Malware
2016-08-31 17:39 - 2016-08-31 22:19 - 00000000 ____D C:\ProgramData\Betternet
2016-08-31 17:39 - 2016-08-31 17:39 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Betternet_Technologies_In
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-31 17:36 - 2016-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Downloaded Installations
2016-08-31 17:36 - 2016-08-31 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-31 17:33 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2CA6.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2C29.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2D15.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2B0E.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw287D.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2BAB.tmp
2016-08-31 17:33 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw291A.tmp
2016-08-31 17:32 - 2016-08-31 17:32 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-31 17:32 - 2016-08-31 17:32 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-31 17:32 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27EF.tmp
2016-08-31 17:32 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2752.tmp
2016-08-31 17:29 - 2016-08-31 17:31 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Blue Star\Downloads\BetternetForWindows.exe
2016-08-31 17:21 - 2016-08-31 17:22 - 02397696 _____ (Farbar) C:\Users\Blue Star\Desktop\FRST64.exe
2016-08-31 17:15 - 2016-08-05 11:12 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5440.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4E51.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5374.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw556A.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5036.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw525B.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw50B3.tmp
2016-08-31 17:15 - 2016-07-23 17:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4BA2.tmp
2016-08-31 16:48 - 2016-08-31 17:13 - 00000000 ____D C:\Program Files (x86)\Jerdickarotocult
2016-08-31 16:48 - 2016-08-31 16:48 - 00000000 ____D C:\Users\Blue Star\AppData\Local\Drerferward
2016-08-31 15:27 - 2016-08-31 15:27 - 00000000 _____ C:\Users\Blue Star\Desktop\REMEMBER UNI DOC GATHERING.txt
2016-08-30 15:18 - 2016-08-30 15:18 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\Wayforward
2016-08-30 15:06 - 2016-08-31 16:54 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\IDM
2016-08-30 15:06 - 2016-08-31 16:52 - 00000000 ____D C:\Users\Blue Star\AppData\Roaming\DMCache
2016-08-30 15:06 - 2016-08-31 16:12 - 00000000 ____D C:\Users\Blue Star\Downloads\Compressed
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Users\Blue Star\Downloads\Video
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\ProgramData\IDM
2016-08-30 15:05 - 2016-08-31 16:54 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-27 15:11 - 2016-08-27 15:13 - 00000000 ____D C:\Users\Blue Star\Desktop\New folder (2)
2016-08-25 11:45 - 2016-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 02:01 - 2016-08-31 17:20 - 00416098 _____ C:\Windows\system32\perfh011.dat
2016-08-25 02:01 - 2016-08-31 17:20 - 00121480 _____ C:\Windows\system32\perfc011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00141988 _____ C:\Windows\system32\perfi011.dat
2016-08-25 02:01 - 2016-08-25 01:59 - 00031548 _____ C:\Windows\system32\perfd011.dat
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\0411
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\ja
2016-08-25 01:59 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\system32\0411
2016-08-25 01:54 - 2010-11-20 05:27 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2016-08-25 01:54 - 2010-11-20 04:20 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2016-08-24 01:19 - 2016-08-24 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greed Corp
2016-08-24 01:18 - 2016-08-24 01:19 - 00000000 ____D C:\Program Files (x86)\Greed Corp
2016-08-17 21:23 - 2016-08-31 17:20 - 00723920 _____ C:\Windows\system32\perfh019.dat
2016-08-17 21:23 - 2016-08-31 17:20 - 00150222 _____ C:\Windows\system32\perfc019.dat
2016-08-17 21:23 - 2016-08-25 01:59 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-08-17 21:23 - 2016-08-17 21:23 - 00000000 ____D C:\Windows\SysWOW64\ru
2016-08-17 21:23 - 2016-08-17 21:22 - 00336704 _____ C:\Windows\system32\perfi019.dat
2016-08-17 21:23 - 2016-08-17 21:22 - 00039446 _____ C:\Windows\system32\perfd019.dat
2016-08-17 21:22 - 2016-08-17 21:22 - 00000000 ____D C:\Windows\system32\ru

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 22:45 - 2016-05-10 19:15 - 00000000 ____D C:\Users\Blue Star\Desktop\Program Shortcuts
2016-08-31 22:44 - 2016-06-23 17:56 - 00001997 _____ C:\Users\Blue Star\Desktop\Security Risks.txt
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-31 17:33 - 2016-06-13 00:17 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-31 17:32 - 2016-06-13 01:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-31 17:32 - 2016-06-13 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-31 17:32 - 2016-06-13 00:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-31 17:20 - 2009-07-14 07:13 - 01401878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 17:19 - 2016-06-23 20:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-31 17:16 - 2016-07-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-31 17:16 - 2016-06-23 22:32 - 00000000 ___SD C:\Users\Blue Star\AppData\LocalLow\Temp
2016-08-31 17:16 - 2016-06-13 13:37 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465817825
2016-08-31 17:16 - 2016-05-02 22:57 - 00000000 ____D C:\Users\Blue Star\Desktop\Games
2016-08-31 17:14 - 2016-05-02 05:01 - 00000000 ____D C:\Users\Blue Star
2016-08-31 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 17:13 - 2016-06-13 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-31 17:13 - 2016-06-13 01:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-31 17:13 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-08-31 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-27 15:12 - 2016-05-04 02:29 - 00000000 ____D C:\Users\Blue Star\Desktop\Recent Stuff
2016-08-27 15:11 - 2016-05-02 23:08 - 00000000 ____D C:\Users\Blue Star\Desktop\Unsorted
2016-08-27 15:02 - 2016-06-11 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-25 02:00 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-25 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-25 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-25 01:59 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-25 01:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-25 01:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-25 01:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-25 01:42 - 2016-07-05 01:36 - 00000000 ____D C:\Users\Blue Star\AppData\Local\A Wizard's Lizard
2016-08-15 18:59 - 2016-06-23 20:33 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-13 14:51 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU(85).TXT

Some files in TEMP:
====================
C:\Users\Blue Star\AppData\Local\Temp\ICReinstall_directx-11.0.exe
C:\Users\Blue Star\AppData\Local\Temp\SynciosTransfer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-05-02 05:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-26 00:20

==================== End of FRST.txt ============================

Addition text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Blue Star (01-09-2016 02:31:18)
Running from C:\Users\Blue Star\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-02 03:00:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2400238725-3887890787-1067688403-500 - Administrator - Disabled)
Blue Star (S-1-5-21-2400238725-3887890787-1067688403-1000 - Administrator - Enabled) => C:\Users\Blue Star
Guest (S-1-5-21-2400238725-3887890787-1067688403-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dustforce DX (HKLM-x32\...\Dustforce DX_is1) (Version:  - )
Greed Corp (HKLM-x32\...\Greed Corp) (Version:  - W!Games)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Overfall (HKLM-x32\...\1449227594_is1) (Version: 2.2.0.4 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Planar Conquest (HKLM\...\cGxhbmFyY29ucXVlc3Q_is1) (Version: 1 - )
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Starbound (HKLM\...\c3RhcmJvdW5k_is1) (Version: 1 - )
Syncios Data Transfer version 1.3.3 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.3.3 - Anvsoft, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {464046DF-0939-4159-9223-89729F655D9C} - System32\Tasks\{C1816030-2044-43EE-ABAD-30E15BAC9E3C} => C:\Users\Blue Star\Desktop\Games\A Wizard's Lizard\IGG-A.Wizards.Lizard.v2.6.0\nw.exe
Task: {590E6C34-F4FD-464D-A1A1-EE4810975D53} - System32\Tasks\{E134E7AB-4F06-4D5C-8DF5-F21B5C501748} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe
Task: {759AFDE3-6229-4D15-B69C-83E9C25DBECD} - System32\Tasks\SafeZone scheduled Autoupdate 1465817825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {80AE46DC-4646-4558-93C9-6063137535AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-13] (AVAST Software)
Task: {A04C6B9E-BCE2-4938-9664-A0C99AC61F8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {B55F7557-C4E9-45EA-A8B6-C3BDF2C2C6CE} - System32\Tasks\{4DD4BA24-77AD-48A0-979A-F8948E2FEB3E} => C:\Users\Blue Star\Desktop\Games\New folder (2)\kiwa\痴漢の極み.eXe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 21:50 - 2016-08-31 21:50 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083103\algo.dll
2016-07-23 17:01 - 2016-07-23 17:01 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400238725-3887890787-1067688403-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blue Star\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFB93514-D453-455F-A43B-1F13512E0F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A24D6BD-8AE4-47D7-AF0E-4D1A89916B9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A183672C-6DD2-4DB6-8D8C-D0932263CD32}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED46A8F4-8C57-4064-89CD-8D3F8D486FD5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{B5BD3502-14EC-4321-993E-FF702C8AA805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21F386E-5991-474F-AA2E-3F9E0C5F23FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F48507F5-CCA8-4399-879B-304F6BF1C797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E04BD1FA-A717-4795-94DB-B211491D8195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{254C46BD-2E26-4610-B663-89E2E657CBD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

17-08-2016 21:15:49 Language Pack Installation
25-08-2016 00:00:02 Scheduled Checkpoint
25-08-2016 01:53:12 Language Pack Installation
27-08-2016 15:17:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-08-2016 15:17:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-08-2016 16:51:21 Restore Operation
31-08-2016 17:36:57 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2016 10:45:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={11C6761C-F86A-4F4C-A2AD-94C81455F0B8}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 10:45:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A53B5DFB-5013-423C-B7D1-5DA5E3CD8170}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 10:17:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x484
Faulting application start time: 0x01d203c4b0bf51c5
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ef80a149-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:17:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 10:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x12c8
Faulting application start time: 0x01d203c49c996000
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dcbc8205-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:16:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0xb80
Faulting application start time: 0x01d203c48da3332b
Faulting application path: C:\Program Files (x86)\Betternet\Betternet.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ce5db567-6fb7-11e6-9bf4-00248185dba3

Error: (08/31/2016 10:16:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
   at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
   at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (08/31/2016 07:31:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={061FD67F-B3AE-454A-980E-FD74D157714B}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (08/31/2016 07:31:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={50624684-695F-4B97-8A3F-BCE8914BCC7C}: The user BlueStarPC\Blue Star dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.


System errors:
=============
Error: (08/31/2016 05:09:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (08/31/2016 05:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/31/2016 04:56:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Updater Service service to connect.

Error: (08/31/2016 04:51:09 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (08/31/2016 04:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper55 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:50:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper44 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSHelper33 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc5 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2016 04:49:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SSoEasySvc4 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


CodeIntegrity:
===================================
  Date: 2016-08-31 17:14:25.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 17:14:24.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 16:55:31.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 16:55:31.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:52:27.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:51:58.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:51:58.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:24:08.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:23:39.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:23:39.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 47%
Total physical RAM: 4061.18 MB
Available physical RAM: 2142.24 MB
Total Virtual: 8120.56 MB
Available Virtual: 6111.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:379.22 GB) NTFS
Drive d: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73423F78)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Edited by Fwgfd, 31 August 2016 - 06:57 PM.

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Beautiful looking log reports, not even a left over toolbar or anything.

Let's check with Malwarebytes.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok

#5
Fwgfd

    New Member

  • Topic Starter
  • Member
  • 9 posts

Erm... Is there something wrong with Malwarebytes' site right now? I've been trying to download Malwarebytes for a few days now but the download keeps failing. Should I download it from somewhere else?


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
I had a problem too, the download started but nothing ever appeared.

Try from here: http://filehippo.com...s_anti_malware/

Click the green button to download it.
#7
Fwgfd

    New Member

  • Topic Starter
  • Member
  • 9 posts

Thank you, that one worked. I would have found a link myself but I was worried about getting the right version and whatnot.

The mbam installer says I should disable my antivirus and firewall for the installation. I'm guessing that Malwarebytes is clean, but I thought I should ask first just to make sure.


Edited by Fwgfd, 05 September 2016 - 06:06 AM.

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Malwarebytes is clean!

#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
How is the computer? Everything looks clean.

#10
Fwgfd

    New Member

  • Topic Starter
  • Member
  • 9 posts

Sorry for taking so long; my internet connection is spotty. My apologies for any impositions.

As per my usual paranoia I have attached multiple scans due to misclicks and whatnot.

"Protection logs" were also available. Should I post them as well?

Something I noticed even before running a mbam scan was a folder in "C:\Program Files (x86)" named "Jerdickarotocult". Within it was a single file (though I didn't set the folder to "view hidden") named "Drolalejedese". Malwarebytes quarantined it as a PUP (.Elex or something like that) after which I deleted it. Usually I wouldn't bother mentioning a particular piece of malware but this one has such creepy sounding folder and file names.

Attached Files


#11
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts

Malwarebytes quarantined it as a PUP (.Elex or something like that)

"PUP.Optional.Elex is a specific detection used by Malwarebytes Anti-Malware to indicate and detect Potentially Unwanted Programs (PUP). When Malwarebytes Anti-Malware detects PUP.Optional.Elex you do not immediately have to worry, because it is not a virus or other malware, but only an unwanted program classified as PUP or adware because it has a bad reputation or behavior. And in most cases the program is installed without your knowledge, therefore Malwarebytes Anti-Malware detects this application as PUP.Optional.Elex"

While you're here, let's scan for adware.
Next
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

#12
Fwgfd

    New Member

  • Topic Starter
  • Member
  • 9 posts

"While you're here let's scan for adware"

Sounds good. Here are the logfiles. My apologies for the delay.

Attached Files


Edited by Fwgfd, 09 September 2016 - 05:43 PM.

#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Looks good,

Nothing found. I think we are ok here.

Joe

#14
Fwgfd

    New Member

  • Topic Starter
  • Member
  • 9 posts

Thank you very much.

One last thing if I may, do you happen to know of any safe video downloader software?

(edit: Well, safe and free)


Edited by Fwgfd, 09 September 2016 - 06:22 PM.

#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
I don't, but I'll check around. Be very careful looking around for one. These are just the items that will infect you.

Please delete the tools we used, right click and delete them, log files as well.