
Too Much CPU Usage With Many Redirects

#1 ·
Every time I open my computer and then open Firefox, the newly opened Firefox reaches 98 CPU usage in just 2 seconds. I just noticed it yesterday when my online games drastically slowed down due to firefox.exe. Ending the process "firefox.exe" will stop the rise in CPU usage without any apps closing.
Suspicions:
I ran the antivirus HitmanPro last week; it found many adware and malware cryptominers, and I deleted them. Still, I always get redirections from Google search: redirecting to pipechannels or alphashoppers, which then adds another search bar just below the link search. Not only when searching through Google, but on any site I visit I get redirected to adware sites. Whenever I run any antivirus (Avira, HitmanPro, MalwareBytes), it says no malware/virus found... What shall I do?

Edit:
I added the add-on "SkipRedirect", the only counter-redirect add-on for Firefox Quantum, so I can manage to view sites and content without closing many pop-ups and redirects.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 19 Stepping 1
Processor Count: 2
RAM: 5315 Mb
Graphics Card: AMD Radeon HD 8370D, 768 Mb
Hard Drives: C: 83 GB (36 GB Free); D: 66 GB (30 GB Free);
Motherboard: ECS, A68M-C4DL
Antivirus: Avira Antivirus, Enabled and Updated
#2 ·
Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system without the guidance of a trained malware removal helper. Doing so may damage your system, preventing it from starting.
Hello dachmc and welcome back to the Tech Support Guy Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

 
#3 ·
Please run the following scans:

Step one...

MGA Diagnostic Tool
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run as administrator.
  • Click on Continue to run the scan.
  • Once the scan is finished click Copy to copy the results. Paste them in your reply.

Step two...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • MGADiag report
  • ckfiles.txt
  • Are there any changes in computer behavior?
 
#4 ·
I have no problems with the instructions.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {1E4D70F6-1B40-42EF-9EBF-2E536B280204}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.180112-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1E4D70F6-1B40-42EF-9EBF-2E536B280204}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-4004447087-832109242-1178923475</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>A68M-C4DL</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2.0 </Version><SMBIOSVersion major="2" minor="8"/><Date>20150630000000.000000+000</Date></BIOS><HWID>9A220A00018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600173-02-1033-7601.0000-3202017
Installation ID: 002243829161205274010783117186602610650896212225817426
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VKM6G
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/30/2018 7:26:29 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:20:2018 13:25
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAAABAABAAEAAQACAAAAAQABAAEAonZKhe77WORu1pSrQk2Ss3f2iptckPoW8AE=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
FPDT ALASKA A M I
FIDT ALASKA A M I
UEFI ALASKA A M I
IVRS AMD BANTRY
SSDT AMD BANTRY
SSDT AMD BANTRY
CRAT AMD BANTRY
SSDT AMD BANTRY
SSDT AMD BANTRY
SLIC _ASUS_ Notebook
 
#6 ·
Hello dachmc :)

Please run the following scan:

FRST Scan
  • Please download FRST by Farbar, and save it to your Desktop.
    You need to download and run the 64-bit version.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST64.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.

Also, please let me know the brand and model of your computer.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • An answer to my question
  • Are there any changes in computer behavior?
 
#7 ·
I have no problems with the instructions

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by ivanpogi (administrator) on PC01 (31-03-2018 16:26:32)
Running from C:\Users\ivanpogi\Downloads
Loaded Profiles: ivanpogi (Available Profiles: ivanpogi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\TinaSoft\Easy Cafe Client\client.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
() C:\Program Files (x86)\TinaSoft\Easy Cafe Client\guardit.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Roblox Corporation) C:\Users\ivanpogi\AppData\Local\Roblox\Versions\version-0b0d33f48a1a43b3\RobloxPlayerBeta.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-03-22] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\ivanpogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyCafe Client.lnk [2018-03-29]
ShortcutTarget: EasyCafe Client.lnk -> C:\Program Files (x86)\TinaSoft\Easy Cafe Client\client.exe ()
Startup: C:\Users\ivanpogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2018-02-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F37ECD55-2200-46F9-8D99-85E900BE7207}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4004447087-832109242-1178923475-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10444__180112__yaie&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-19] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-03-25] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default [2018-03-31]
FF Extension: (Grammarly for Firefox) - C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-02-15]
FF Extension: (Avira Browser Safety) - C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default\Extensions\abs@avira.com.xpi [2017-12-15]
FF Extension: (Skip Redirect) - C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default\Extensions\skipredirect@sblask.xpi [2018-03-24]
FF Extension: (FamilyFriendly Parental Control, Porn Blocker) - C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default\Extensions\{6a2b1f3a-fd62-480d-96ad-4714bfffa22d}.xpi [2018-02-25]
FF Extension: (Web Secure) - C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default\Extensions\{b6d09408-a35e-11e7-bc48-f3e9438e081e}.xpi [2018-03-21]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\ivanpogi\AppData\Roaming\Mozilla\Firefox\Profiles\gDUDW0Wp.default\features\{18d71b5b-b292-44ea-932d-b6435addafd1}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-19] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-02-22] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\17522110.js [2018-02-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\17522110.cfg [2018-02-20] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.blpsearch.com/search?sid=674&aid={APPID}&itype=u&src=ds&p={searchTerms}&tm=0
CHR DefaultSearchKeyword: Default -> BLPSearch
CHR Profile: C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default [2018-03-30]
CHR Extension: (SearchApp) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaffdpaiepancalmjdliimagfomfklk [2018-01-03]
CHR Extension: (Avira Password Manager) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-03-28]
CHR Extension: (Search Privacy) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dldnpgmljgndaecbngllhbhdmplmgbmi [2018-01-06]
CHR Extension: (SearchWeb) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ediekkenfmejahmooidjokigdnoofegp [2018-03-28]
CHR Extension: (Avira Browser Safety) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-11-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\ivanpogi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-30]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1136744 2018-02-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-02-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-02-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1533608 2018-02-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [443024 2018-03-12] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2940584 2018-03-16] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-22] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe [319296 2018-03-20] (Garena Online )
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-03-12] (SurfRight B.V.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-18] (Microsoft Corporation)
R2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [135160 2017-10-16] (SHADOWDEFENDER.COM)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-11-09] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153552 2018-02-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-11-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-11-09] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-11-09] (Avira Operations GmbH & Co. KG)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [464008 2017-10-15] (SHADOWDEFENDER.COM)
S3 gaprotect; C:\Windows\System32\drivers\gaprotect.sys [110672 2018-02-15] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 16:26 - 2018-03-31 16:28 - 000016058 _____ C:\Users\ivanpogi\Downloads\FRST.txt
2018-03-31 16:26 - 2018-03-31 16:26 - 000000000 ____D C:\FRST
2018-03-31 16:25 - 2018-03-31 16:25 - 002403328 _____ (Farbar) C:\Users\ivanpogi\Downloads\FRST64.exe
2018-03-30 21:09 - 2018-03-30 21:09 - 001106840 _____ (Unity Technologies ApS) C:\Users\ivanpogi\Downloads\UnityWebPlayer64(1).exe
2018-03-30 19:28 - 2018-03-30 19:28 - 000000127 _____ C:\Users\ivanpogi\Desktop\ckfiles.txt
2018-03-30 19:26 - 2018-03-30 19:26 - 000000000 ____D C:\ProgramData\Office Genuine Advantage
2018-03-30 19:26 - 2018-03-30 19:26 - 000000000 ____D C:\MGADiagToolOutput
2018-03-30 19:24 - 2018-03-30 19:24 - 002031992 _____ (Microsoft Corporation) C:\Users\ivanpogi\Desktop\MGADiag.exe
2018-03-30 19:24 - 2018-03-30 19:24 - 000468480 _____ () C:\Users\ivanpogi\Desktop\CKScanner.exe
2018-03-30 16:39 - 2018-03-28 01:31 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-30 16:39 - 2018-03-28 01:09 - 004046016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-03-30 16:39 - 2018-03-28 01:09 - 004026048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-03-30 16:39 - 2018-03-08 20:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-30 16:39 - 2018-03-08 20:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-03-30 16:39 - 2018-03-08 20:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-30 16:39 - 2018-03-08 20:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-03-30 16:39 - 2018-03-08 20:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-30 16:39 - 2018-03-08 20:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 20:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-03-30 16:39 - 2018-03-08 19:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-03-30 16:39 - 2018-03-08 19:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-03-30 16:39 - 2018-03-08 19:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-03-30 16:39 - 2018-03-08 19:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-03-30 16:39 - 2018-03-08 19:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-03-30 16:39 - 2018-03-08 19:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-03-30 16:39 - 2018-03-08 19:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-30 16:39 - 2018-03-08 19:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-03-30 16:39 - 2018-03-08 19:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-03-30 16:39 - 2018-03-08 19:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-03-30 16:39 - 2018-03-08 19:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-03-30 16:39 - 2018-03-08 19:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-03-30 16:39 - 2018-03-08 19:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-03-30 16:39 - 2018-03-08 19:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-03-30 16:39 - 2018-03-08 19:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-03-30 16:39 - 2018-03-08 19:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-03-30 16:39 - 2018-03-08 19:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-03-30 16:39 - 2018-03-08 19:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-30 16:39 - 2018-03-08 19:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-03-30 16:39 - 2018-02-18 14:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-28 16:26 - 2018-03-28 16:26 - 000748192 _____ (TechGuy, Inc.) C:\Users\ivanpogi\Downloads\SysInfo.exe
2018-03-28 14:24 - 2018-03-28 14:24 - 000822328 _____ (Roblox Corporation) C:\Users\ivanpogi\Downloads\RobloxPlayerLauncher.exe
2018-03-28 11:45 - 2018-03-28 11:45 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-03-27 12:09 - 2018-03-31 16:29 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-03-21 13:45 - 2018-02-13 11:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-21 13:45 - 2018-02-13 11:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-21 13:45 - 2018-02-13 07:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-21 13:45 - 2018-02-13 07:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-19 12:52 - 2018-03-19 12:52 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 19:01 - 2018-03-12 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-10 18:13 - 2018-03-10 18:13 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2018-03-10 15:46 - 2018-03-12 19:01 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-10 15:43 - 2018-03-10 18:17 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-10 15:43 - 2018-03-10 15:43 - 011605440 _____ (SurfRight B.V.) C:\Users\ivanpogi\Downloads\HitmanPro_x64.exe
2018-03-07 14:55 - 2018-03-07 17:58 - 000000000 ____D C:\AdwCleaner
2018-03-07 14:55 - 2018-03-07 14:55 - 008222496 _____ (Malwarebytes) C:\Users\ivanpogi\Downloads\adwcleaner_7.0.8.0.exe
2018-03-06 19:20 - 2018-03-06 19:22 - 000199178 _____ C:\TDSSKiller.3.1.0.16_06.03.2018_18.20.45_log.txt
2018-03-06 19:20 - 2018-03-06 19:20 - 004944584 _____ (AO Kaspersky Lab) C:\Users\ivanpogi\Downloads\tdsskiller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 16:30 - 2017-11-17 15:15 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-03-31 16:24 - 2017-11-17 17:09 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-03-31 16:20 - 2017-11-17 16:28 - 000000000 ____D C:\Users\ivanpogi\AppData\LocalLow\Mozilla
2018-03-31 16:19 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-31 12:49 - 2017-11-17 14:55 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-31 10:46 - 2009-07-13 21:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-31 10:46 - 2009-07-13 21:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-30 21:06 - 2018-02-22 18:43 - 000000000 ___RD C:\Users\ivanpogi\OneDrive
2018-03-30 19:42 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-30 19:42 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-03-29 14:47 - 2018-02-03 14:46 - 000002114 _____ C:\Users\ivanpogi\Desktop\RobloxPlayerLauncher - Shortcut.lnk
2018-03-29 14:47 - 2017-11-17 17:25 - 000001166 _____ C:\Users\ivanpogi\Desktop\Roblox Studio.lnk
2018-03-29 14:47 - 2017-11-17 17:25 - 000000000 ____D C:\Users\ivanpogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-03-28 18:51 - 2018-02-02 18:34 - 000000000 ____D C:\Users\ivanpogi\AppData\Roaming\CC
2018-03-28 11:46 - 2018-02-22 18:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-28 11:45 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-28 11:42 - 2018-02-20 18:23 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-28 11:19 - 2017-11-17 16:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-28 11:19 - 2017-11-17 16:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-27 16:20 - 2018-02-26 00:23 - 000000000 ____D C:\Users\ivanpogi\Desktop\pa print
2018-03-27 15:31 - 2017-11-17 20:30 - 000000000 ____D C:\Users\ivanpogi\AppData\Local\CrashDumps
2018-03-27 15:27 - 2017-11-17 17:09 - 000003412 _____ C:\Windows\System32\Tasks\gxx speed launcher
2018-03-27 12:10 - 2017-11-17 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-03-27 12:09 - 2017-11-17 15:09 - 000003664 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2018-03-26 19:44 - 2017-11-18 00:06 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-25 15:45 - 2009-07-13 22:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-03-25 14:42 - 2009-07-13 22:08 - 000032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-23 11:09 - 2017-11-17 13:52 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-22 14:53 - 2017-11-17 14:22 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-19 13:51 - 2018-02-22 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-19 12:52 - 2017-11-18 16:36 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-19 12:52 - 2017-11-18 16:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-19 12:52 - 2017-11-18 16:36 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-19 12:52 - 2017-11-18 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-19 12:52 - 2017-11-18 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-10 15:43 - 2018-02-25 20:53 - 000000000 ____D C:\Users\ivanpogi\AppData\Roaming\Process Hacker 2
2018-03-10 09:39 - 2018-02-23 10:48 - 000003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4004447087-832109242-1178923475-1000
2018-03-10 09:39 - 2018-02-22 18:43 - 000002161 _____ C:\Users\ivanpogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-03-07 17:57 - 2018-01-12 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-03-01 13:37 - 2017-11-17 15:06 - 000000000 ____D C:\ProgramData\Avira
2018-03-01 13:37 - 2017-11-17 15:06 - 000000000 ____D C:\Program Files (x86)\Avira

Some files in TEMP:
====================
2018-03-01 23:56 - 2018-03-01 23:56 - 000450880 _____ (Garena Online ) C:\Users\ivanpogi\AppData\Local\Temp\Garena.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-30 19:57

==================== End of FRST.txt ============================
 
#8 · (Edited)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by ivanpogi (31-03-2018 16:30:52)
Running from C:\Users\ivanpogi\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-11-17 07:10:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4004447087-832109242-1178923475-500 - Administrator - Disabled)
Guest (S-1-5-21-4004447087-832109242-1178923475-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4004447087-832109242-1178923475-1003 - Limited - Enabled)
ivanpogi (S-1-5-21-4004447087-832109242-1178923475-1000 - Administrator - Enabled) => C:\Users\ivanpogi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7A1671F0-A61F-C0B6-69BF-38E13A6A03E0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.16.0 - Asmedia Technology)
Avira (HKLM-x32\...\{5269e51a-b619-4c55-8a5c-8c7eaf27e6cf}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{DBA89A98-6FF1-4FE3-8147-69DD2C5DE889}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{9D24954D-DDA8-45CC-829F-657ADC5A9BD3}) (Version: 2.0.4.54899 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.8.0.7455 - Avira Operations GmbH & Co. KG)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1803.2016 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4004447087-832109242-1178923475-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{D8866D22-EB42-2A80-6DA2-A0809F8A5810}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.90.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7409 - Realtek Semiconductor Corp.)
Roblox Player for ivanpogi (HKU\S-1-5-21-4004447087-832109242-1178923475-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Rules of Survival version 1.131521.131988 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.131521.131988 - Hong Kong Netease Interactive Entertainment Limited)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.672 - ShadowDefender.com)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4004447087-832109242-1178923475-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ivanpogi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers1: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2017-10-16] (SHADOWDEFENDER.COM)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-13] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2017-10-16] (SHADOWDEFENDER.COM)
ContextMenuHandlers4: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2017-10-16] (SHADOWDEFENDER.COM)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-13] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D6990AD-3F72-4D6C-A28D-F85B457CCFF6} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-27] (Avira Operations GmbH & Co. KG )
Task: {27E4492A-ED42-4111-B547-0B8B77B8C3A4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-28] (Microsoft Corporation)
Task: {3D5DCEA2-6B71-43D0-866C-7CC389042E9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-17] (Google Inc.)
Task: {6AF4F64C-4B1D-4545-94AE-26EFF789B72E} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-22] (Avira Operations GmbH & Co. KG)
Task: {824F5276-604F-40D4-AEF0-1D3772F17716} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {8630FB94-EB98-4D4B-8D77-088A8910074E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-17] (Google Inc.)
Task: {8E556C99-D0B0-478A-B25E-B7DAC5A4851A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-28] (Microsoft Corporation)
Task: {96E68DB6-39C2-4B6A-8C99-AE027F251F4B} - System32\Tasks\Opera scheduled Autoupdate 1515781504 => C:\Users\ivanpogi\AppData\Local\Programs\Opera\launcher.exe
Task: {A17B20A1-6EE4-42D5-945F-3607E55F771E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-19] (Adobe Systems Incorporated)
Task: {CA9AC2EC-81A4-4647-910F-4314445E4990} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {D15B7A50-4A26-4030-A69B-293E3EEC7162} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-02-16] (Avira Operations GmbH & Co. KG)
Task: {D5275E1D-9304-46B4-B448-04DAE157F37B} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
Task: {D57FFD7C-C30F-4476-8D6A-3EBF053F33C6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-19] (Adobe Systems Incorporated)
Task: {F5551E7F-761E-40BD-9D30-75EE3DF65E35} - System32\Tasks\TelemetricSys => C:\Users\ivanpogi\AppData\Roaming\TelemetricSys\TelemetricSys.exe <==== ATTENTION
Task: {F722C29B-ECEB-4150-A23B-2AC68A9D8BE8} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2018-03-20] (Garena Online )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-11-25 18:16 - 2003-04-14 18:37 - 000451072 _____ () C:\Program Files (x86)\TinaSoft\Easy Cafe Client\client.exe
2017-11-25 18:16 - 2003-03-10 16:49 - 000018944 _____ () C:\Program Files (x86)\TinaSoft\Easy Cafe Client\Guardit.exe
2017-10-12 23:46 - 2017-10-12 23:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\libprotobuf-lite.dll
2018-03-20 01:38 - 2018-03-20 01:38 - 001442624 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\libs\gxx_pipe_engine.dll
2018-03-20 01:37 - 2018-03-20 01:37 - 002206528 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\libs\FSFileSytem.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\Logs:Defender.log [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4004447087-832109242-1178923475-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4004447087-832109242-1178923475-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ivanpogi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{04D327AB-BDD8-4CF4-AAA7-D35F86F4ACDE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ADF44107-1E5F-4729-AE61-4C5FF9527451}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D28BBFC4-960E-4229-9042-729217894230}C:\program files (x86)\tinasoft\easy cafe client\client.exe] => (Block) C:\program files (x86)\tinasoft\easy cafe client\client.exe
FirewallRules: [UDP Query User{CFE325DE-7306-4707-ADA6-CB0A2D13FD2A}C:\program files (x86)\tinasoft\easy cafe client\client.exe] => (Block) C:\program files (x86)\tinasoft\easy cafe client\client.exe
FirewallRules: [{47F0BAC5-B3B9-4471-B033-79DD7E7AB635}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.1417\gxxsvc.exe
FirewallRules: [TCP Query User{11E76781-7DC8-40B1-BBB3-3523C51E05FE}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D84474B5-0ED9-4EF0-892C-78C875F63F5F}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{29D28D93-85D0-49CD-B918-864487B69325}C:\program files (x86)\tinasoft\easy cafe client\client.exe] => (Block) C:\program files (x86)\tinasoft\easy cafe client\client.exe
FirewallRules: [UDP Query User{2600BE47-8B45-45DA-95EF-9B131A97744E}C:\program files (x86)\tinasoft\easy cafe client\client.exe] => (Block) C:\program files (x86)\tinasoft\easy cafe client\client.exe
FirewallRules: [{0D72BF02-4522-4391-BB13-511BB3EE8156}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.2118\gxxsvc.exe
FirewallRules: [{B347EA3B-24DF-4199-B807-AC6EA2EF638B}] => (Allow) D:\PBgraena (PC07)\GameData\Apps\PBPH\PointBlank.exe
FirewallRules: [{2EF372D7-7436-4945-ACD8-948D2AA3C941}] => (Allow) D:\PBgraena (PC07)\GameData\Apps\PBPH\PointBlank.exe
FirewallRules: [{8B8298A9-A459-4215-8713-C9660D6908CE}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.3015\gxxsvc.exe
FirewallRules: [{73B2DEA3-BF5E-4049-AAC9-5BE520499D15}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{D0719A9C-C7DA-4964-9955-C40E075B9758}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{7A18B089-66F1-423F-B206-86EF382AFB3D}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{DCD7B327-DB2A-45DB-AF11-E61895F94570}C:\garenadownload\games\lolph\lolinstaller.exe] => (Allow) C:\garenadownload\games\lolph\lolinstaller.exe
FirewallRules: [UDP Query User{A7E102C6-A706-4E4B-924D-E03C787DD986}C:\garenadownload\games\lolph\lolinstaller.exe] => (Allow) C:\garenadownload\games\lolph\lolinstaller.exe
FirewallRules: [{F375797E-43C8-49D1-8487-01B5969A94BF}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1712.1422\gxxsvc.exe
FirewallRules: [TCP Query User{C6F3CDF0-0A4C-4C0C-8188-2CA783E4B69C}C:\program files (x86)\tinasoft\easy cafe client\plugin\easychat.exe] => (Block) C:\program files (x86)\tinasoft\easy cafe client\plugin\easychat.exe
FirewallRules: [UDP Query User{10002D25-BC65-4DD5-8D3A-8F830011793C}C:\program files (x86)\tinasoft\easy cafe client\plugin\easychat.exe] => (Block) C:\program files (x86)\tinasoft\easy cafe client\plugin\easychat.exe
FirewallRules: [{85831342-3500-49F5-B9E4-3D48C4593917}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1712.3018\gxxsvc.exe
FirewallRules: [{BE0AA18E-9DEC-461F-9CF2-5BC73D09BB6C}] => (Allow) C:\Users\ivanpogi\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B1735EF1-58C6-4776-8237-FABB6C56C625}] => (Allow) C:\Users\ivanpogi\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8D8487E9-FAE1-437D-BCE8-F2362A6CA807}] => (Allow) C:\Users\ivanpogi\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{C3D94B5F-A8E3-45B1-9AB1-AE3505F9874B}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1801.1018\gxxsvc.exe
FirewallRules: [{34FCA6D1-693C-4928-89F8-274663E56DD0}] => (Allow) C:\Users\ivanpogi\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{17CBE607-CCC2-404D-B661-E5483C1DF30A}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1801.1820\gxxsvc.exe
FirewallRules: [TCP Query User{0A90646B-93C3-43BC-A43A-062410D8E48D}D:\ros\ros.exe] => (Allow) D:\ros\ros.exe
FirewallRules: [UDP Query User{06A424F2-B400-4CFA-8A80-1510117F75C8}D:\ros\ros.exe] => (Allow) D:\ros\ros.exe
FirewallRules: [TCP Query User{4125CE85-B805-4946-A1EB-90C4A66B2434}D:\ros\ccmini\ccmini.exe] => (Allow) D:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{B438180C-19BD-4DF7-BE87-788177B73350}D:\ros\ccmini\ccmini.exe] => (Allow) D:\ros\ccmini\ccmini.exe
FirewallRules: [{8696A461-3B8C-4407-95C5-DB7EC5E2B4FF}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1802.1114\gxxsvc.exe
FirewallRules: [{0D0BA200-9495-4A33-94A2-65A557DAF835}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0F2B1114-BB2F-4EF6-99E8-C58D659731A3}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1803.0214\gxxsvc.exe
FirewallRules: [TCP Query User{0BECA510-C9E6-48E7-A63D-E86B6AC608D7}D:\league of legends\32774\leagueclient\leagueclient.exe] => (Allow) D:\league of legends\32774\leagueclient\leagueclient.exe
FirewallRules: [UDP Query User{E39C58F4-B93C-44AF-98A7-7342BBDE155A}D:\league of legends\32774\leagueclient\leagueclient.exe] => (Allow) D:\league of legends\32774\leagueclient\leagueclient.exe
FirewallRules: [{562A2321-C860-44FD-9D3C-93FF76329A79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5CDEC735-795F-4704-925E-572673941394}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe

==================== Restore Points =========================

30-03-2018 19:23:42 restore point adware
30-03-2018 19:32:10 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2018 04:20:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/31/2018 12:49:21 PM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/31/2018 10:16:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2018 09:19:30 PM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/30/2018 08:17:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2018 08:03:33 PM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/30/2018 07:37:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2018 07:32:55 PM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (03/31/2018 04:20:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/31/2018 10:20:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/31/2018 10:16:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/30/2018 08:17:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/30/2018 07:37:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/30/2018 02:43:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/30/2018 10:49:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/30/2018 09:24:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

==================== Memory info ===========================

Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 5315.19 MB
Available physical RAM: 2133.34 MB
Total Virtual: 10628.55 MB
Available Virtual: 6162.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:83.01 GB) (Free:37.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:66.03 GB) (Free:30.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: F548F548)
Partition 1: (Active) - (Size=83 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=66 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

An answer to my question

The abnormally high Firefox CPU usage seems gone; I think it's because of the recent Windows update, but the adware redirections and custom Google search are still here...
 