CPU Load High, Computer Sluggish, MBAM Not Starting

#1
brispuss

Member, 17 posts

Suspect I might have malware.

Running Windows 7 32 bit SP1.

For about a week now the CPU idle load often jumps up to 50%, and might go to 100% on some occasions. Also, my computer seems to be a bit slow, especially when browsing on the internet.

Note that although I'm using a slow (dial-up) internet connection, recently it seems to take longer to open web pages and download etc.

On investigation (via Windows Task Manager), it seems that the file WmiApSrv.exe, when running, is the cause of the higher CPU loads. Note that this file is (apparently) located in C:\Windows\Fonts according to the Task Manager.

There is another file named WmiApSrv.exe located within the C:\Windows\System32\wbem directory also, but it is a legitimate system file I believe.

Now, the file "WmiApSrv.exe" located within the C:\Windows\Fonts directory shouldn't be there, I believe(?). Also, this file's process can be stopped temporarily by ending it under Processes in the Task Manager. But inevitably this process will restart, as early as within a minute after stopping it and no later than about 5 minutes after stopping it. The CPU load jumps to 50% when this process runs, and if another instance of WmiApSrv.exe runs, the CPU load jumps to 100%!

There was some malware on my computer (apparently), and it was supposedly removed by using several anti-malware programs (with the assistance of another "helper" elsewhere), but I suspect that not all malware has been found and/or removed.

Ran (in no particular order) - RKill, MBAR (MalwareBytes Anti-Rootkit), RogueKiller, AdwCleaner, Junkware Removal Tool, SAS (SUPERAntispyware), and tried running MBAM (MalwareBytes Anti-Malware). MBAM fails to run with the error message "Unable to start" and also "Unable to connect the service".

MBAM previously ran fine, but not anymore. Tried uninstalling and reinstalling etc., but MBAM still fails to run. Suspect either malware is blocking it, and/or there is some other issue.

Also ran chkdsk and sfc to check my computer, but there were no issues found.

Here are the latest FRST scan logs -

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2017
Ran by Administrator (administrator) on MINE-PC (07-07-2017 15:41:00)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\mssecsvc.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(ITSamples.com) C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter\Compact Tray Meter.exe
(Edward Leigh) C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\Fonts\wininit.exe
(Microsoft Corporation) C:\Windows\Fonts\WmiApSrv.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\MountPoints2: {0698c26a-adf2-11e6-a5dc-806e6f6e6963} - G:\autorun\autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk [2017-04-01]
ShortcutTarget: Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-01]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF Extension: (No Name) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [not found]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-07-05]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
R2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
S3 eapihdrv; C:\Users\Administrator\AppData\Local\Temp\ehdrv.sys [135760 2017-07-05] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX™)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-07 00:08 - 2017-07-07 00:08 - 14554768 _____ (Copyright 2017.) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Portable.exe
2017-07-06 23:13 - 2017-07-06 23:14 - 00000000 ____D C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair
2017-07-06 12:19 - 2017-07-06 12:19 - 00000000 _____ C:\What the....txt
2017-07-06 12:03 - 2017-07-06 12:03 - 01782272 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-06 11:25 - 2017-07-06 11:25 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-06 11:25 - 2017-07-06 11:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-06 11:25 - 2017-07-06 11:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-06 11:25 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-06 11:23 - 2017-07-06 11:24 - 00028097 _____ C:\Users\Administrator\Desktop\mb-clean-results.txt
2017-07-06 10:51 - 2017-07-06 10:54 - 00644402 _____ C:\Users\Administrator\Downloads\ht4zl.WinThruster.1.79.69.2469.Multilingual.rar
2017-07-06 10:23 - 2017-07-06 10:23 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Program Files\ESET
2017-07-05 21:59 - 2017-07-05 21:58 - 02870984 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S C:\Windows\mssecsvc.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03514368 ____S C:\Windows\tasksche.exe
2017-07-05 21:53 - 2017-07-05 21:53 - 00002476 _____ C:\Users\Administrator\Desktop\Rkill.txt
2017-07-05 21:53 - 2017-07-05 21:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\uSeRiNiT.exe
2017-07-05 21:09 - 2017-07-05 21:09 - 00003011 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2017-07-05 13:24 - 2017-07-05 13:24 - 00047204 _____ C:\Users\Administrator\Desktop\Shortcut.txt
2017-07-05 13:23 - 2017-07-06 11:52 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-07-05 12:43 - 2017-07-05 12:43 - 00002923 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-05 12:22 - 2017-07-03 22:10 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT_(8.1.3.0).exe
2017-07-04 23:03 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner_6.047 (6.0.4.7).exe
2017-07-04 22:54 - 2017-07-05 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-04 22:18 - 2017-07-05 12:29 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 18:33 - 2017-07-04 18:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-07-04 18:31 - 2017-07-04 18:33 - 00213530 _____ C:\TDSSKiller.3.1.0.15_04.07.2017_18.31.53_log.txt
2017-07-04 15:18 - 2017-07-04 15:18 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-04 14:47 - 2017-07-07 15:41 - 00012557 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-04 14:47 - 2017-07-06 12:05 - 00027762 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-07-02 22:09 - 2017-07-02 22:09 - 00017195 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-02 03:16 - 2017-07-07 15:41 - 00000000 ____D C:\FRST
2017-07-01 21:45 - 2017-07-01 21:46 - 00001488 _____ C:\Users\Administrator\Desktop\FLVPlayer4Free.lnk
2017-07-01 21:28 - 2017-07-07 15:41 - 00099009 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-07 15:41 - 00071595 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-01 23:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:16 - 2017-06-28 21:16 - 00000000 ____D C:\RegBackup
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00002117 _____ C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-06-27 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-06-27 20:22 - 00000790 _____ C:\Users\Administrator\Desktop\ZHPDiag.lnk
2017-06-27 20:22 - 2017-06-27 20:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-25 00:11 - 2017-07-05 13:30 - 00000000 ____D C:\AdwCleaner
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-01 21:41 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-07 13:59 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-07 13:59 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-07 13:54 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-07 00:38 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-07 00:38 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-07 00:38 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-07 00:38 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-07 00:10 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-05 12:30 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 18:32 - 2017-02-28 17:41 - 00849766 _____ C:\Windows\ntbtlog.txt
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-03 16:03 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-03 16:00 - 2010-11-21 09:01 - 00778180 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-03 16:00 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:58 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-29 11:20 - 2017-05-27 12:53 - 00000354 _____ C:\Windows\w32dasm8.ini
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
 
==================== Files in the root of some directories =======
 
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd                                      ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-07-06 10:23 - 2017-07-06 10:23 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
2017-07-03 22:10 - 2017-07-07 00:36 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.dll
2017-01-18 09:12 - 2017-01-18 09:12 - 0012288 _____ () C:\Users\Mine\AppData\Local\Temp\qRlttEQWsnBkpStqVGpo.DLL
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 00:50
 
==================== End of FRST.txt ============================
 
and -
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2017
Ran by Administrator (07-07-2017 15:41:15)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version:  - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.0.0 - Auslogics Labs Pty Ltd)
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {66CC6354-3233-4E6C-B77F-7F9909235C93} - System32\Tasks\{09F44CC2-C40F-4DFC-8D55-2422E2AE8ADD} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
Task: {96DD94AD-FEE3-44A4-B292-2309BAD91B2C} - System32\Tasks\{DF7190EA-A566-4524-8251-09C90BA1548A} => pcalua.exe -a C:\Windows\System32\vbrun60sp6.exe -d C:\Windows\System32
Task: {9DF19937-94BC-41C8-81B2-7AD60153CA8A} - System32\Tasks\{D541679C-346E-4C29-8016-18C9D42F6F18} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {CD658633-FE89-493E-8A1A-661E3F675207} - System32\Tasks\{EA9AE737-D290-4AD6-85A7-801C8496CCD4} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {F256754D-96F3-4D87-A8C6-7C70301C1EBF} - \AutoKMS -> No File <==== ATTENTION
Task: {F3BCFD93-A876-4587-9D39-F99BA0EB5F06} - System32\Tasks\{3149641E-2BFD-4AF4-9BEF-E59062A1B82D} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S () C:\WINDOWS\mssecsvc.exe
2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 02946680 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libglesv2.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 00087160 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:04 - 2017-07-03 15:58 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2017 11:43:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/06/2017 06:18:59 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={60420BB0-F076-4517-9043-21D27DCCC669}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/06/2017 12:03:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/06/2017 11:55:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/06/2017 09:37:37 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={74109831-A482-47C0-B174-F1B5441C117B}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/06/2017 09:37:08 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={15AE0429-2A65-499A-8908-E737076B53EE}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/06/2017 12:30:43 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "c:\Windows\tasksche.exe".Error in manifest or policy file "c:\Windows\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (07/05/2017 09:58:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/05/2017 09:55:32 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (07/05/2017 09:52:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/07/2017 03:01:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 24 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 03:00:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 23 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:59:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 22 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 21 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:57:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 20 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:57:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/07/2017 02:56:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 19 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:55:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 18 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:54:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 17 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 02:53:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-10 14:30:13.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 57%
Total physical RAM: 2966.14 MB
Available physical RAM: 1264.02 MB
Total Virtual: 5930.57 MB
Available Virtual: 3865.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:35.91 GB) (Free:12.84 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.23 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:15.89 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.8 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Thank you for the earliest possible response!


#2
RKinner

    Malware Expert

I'm about to leave for the day but this looks like a version of WannaCry so it's important to kill it quickly.

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 


#3
brispuss

    Member

Sorry for delayed reply!

 

I have also been in contact with MalwareBytes regarding the non-running of MBAM. It seems that there might be some files "missing" which prevents MBAM from running (properly).

 

Anyway, here are the FRST fix and latest FRST scan logs -

 

FRST Fix -

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 08-07-2017
Ran by Administrator (10-07-2017 13:50:30) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\MountPoints2: {0698c26a-adf2-11e6-a5dc-806e6f6e6963} - G:\autorun\autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk [2017-04-01]
ShortcutTarget: Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
R2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S C:\Windows\mssecsvc.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03514368 ____S C:\Windows\tasksche.exe
Task: {66CC6354-3233-4E6C-B77F-7F9909235C93} - System32\Tasks\{09F44CC2-C40F-4DFC-8D55-2422E2AE8ADD} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
Task: {96DD94AD-FEE3-44A4-B292-2309BAD91B2C} - System32\Tasks\{DF7190EA-A566-4524-8251-09C90BA1548A} => pcalua.exe -a C:\Windows\System32\vbrun60sp6.exe -d C:\Windows\System32
Task: {9DF19937-94BC-41C8-81B2-7AD60153CA8A} - System32\Tasks\{D541679C-346E-4C29-8016-18C9D42F6F18} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {CD658633-FE89-493E-8A1A-661E3F675207} - System32\Tasks\{EA9AE737-D290-4AD6-85A7-801C8496CCD4} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {F256754D-96F3-4D87-A8C6-7C70301C1EBF} - \AutoKMS -> No File <==== ATTENTION
Task: {F3BCFD93-A876-4587-9D39-F99BA0EB5F06} - System32\Tasks\{3149641E-2BFD-4AF4-9BEF-E59062A1B82D} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
C:\WINDOWS\mssecsvc.exe
CreateDummy: C:\WINDOWS\mssecsvc.exe
C:\Windows\tasksche.exe
CreateDummy: C:\Windows\tasksche.exe
C:\Windows\Fonts\WmiApSrv.exe 
CreateDummy: C:\Windows\Fonts\WmiApSrv.exe 
C:\Windows\Fonts\wininit.exe
CreateDummy: C:\Windows\Fonts\wininit.exe
C:\Windows\System32\GroupPolicy
C:\Windows\System32\GroupPolicyUsers
C:\Windows\SysWOW64\GroupPolicy
C:\Windows\SysWOW64\GroupPolicyUsers
CMD: gpupdate /force
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
 
 
 
*****************
 
Processes closed successfully.
HKU\S-1-5-21-1002102086-959386047-1437358805-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0698c26a-adf2-11e6-a5dc-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{0698c26a-adf2-11e6-a5dc-806e6f6e6963} => key not found. 
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk => moved successfully
C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe => moved successfully
mssecsvc2.0 => service not found.
WELM => service not found.
"C:\Windows\mssecsvc.exe" => not found.
"C:\Windows\tasksche.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66CC6354-3233-4E6C-B77F-7F9909235C93} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66CC6354-3233-4E6C-B77F-7F9909235C93} => key removed successfully.
C:\Windows\System32\Tasks\{09F44CC2-C40F-4DFC-8D55-2422E2AE8ADD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09F44CC2-C40F-4DFC-8D55-2422E2AE8ADD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96DD94AD-FEE3-44A4-B292-2309BAD91B2C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96DD94AD-FEE3-44A4-B292-2309BAD91B2C} => key removed successfully.
C:\Windows\System32\Tasks\{DF7190EA-A566-4524-8251-09C90BA1548A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF7190EA-A566-4524-8251-09C90BA1548A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF19937-94BC-41C8-81B2-7AD60153CA8A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF19937-94BC-41C8-81B2-7AD60153CA8A} => key removed successfully.
C:\Windows\System32\Tasks\{D541679C-346E-4C29-8016-18C9D42F6F18} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D541679C-346E-4C29-8016-18C9D42F6F18} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD658633-FE89-493E-8A1A-661E3F675207} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD658633-FE89-493E-8A1A-661E3F675207} => key removed successfully.
C:\Windows\System32\Tasks\{EA9AE737-D290-4AD6-85A7-801C8496CCD4} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA9AE737-D290-4AD6-85A7-801C8496CCD4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F256754D-96F3-4D87-A8C6-7C70301C1EBF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3BCFD93-A876-4587-9D39-F99BA0EB5F06} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3BCFD93-A876-4587-9D39-F99BA0EB5F06} => key removed successfully.
C:\Windows\System32\Tasks\{3149641E-2BFD-4AF4-9BEF-E59062A1B82D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3149641E-2BFD-4AF4-9BEF-E59062A1B82D} => key removed successfully.
"C:\WINDOWS\mssecsvc.exe" => not found.
C:\WINDOWS\mssecsvc.exe => dummy created successfully.
"C:\Windows\tasksche.exe" => not found.
C:\Windows\tasksche.exe => dummy created successfully.
"C:\Windows\Fonts\WmiApSrv.exe" => not found.
C:\Windows\Fonts\WmiApSrv.exe => dummy created successfully.
"C:\Windows\Fonts\wininit.exe" => not found.
C:\Windows\Fonts\wininit.exe => dummy created successfully.
C:\Windows\System32\GroupPolicy => moved successfully
C:\Windows\System32\GroupPolicyUsers => moved successfully
"C:\Windows\SysWOW64\GroupPolicy" => not found.
"C:\Windows\SysWOW64\GroupPolicyUsers" => not found.
 
========= gpupdate /force =========
 
Updating Policy...
 
 
 
User Policy update has completed successfully.
 
 
 
The following warnings were encountered during user policy processing:
 
 
 
Windows failed to record Resultant Set of Policy (RSoP) information, which describes the scope of Group Policy objects applied to the computer or user. This could be caused by Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.
 
Computer Policy update has completed successfully.
 
 
 
The following warnings were encountered during computer policy processing:
 
 
 
Windows failed to record Resultant Set of Policy (RSoP) information, which describes the scope of Group Policy objects applied to the computer or user. This could be caused by Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.
 
 
For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
 
 
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16639163 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 750254 B
Edge => 0 B
Chrome => 0 B
Firefox => 50461953 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 99721 B
LocalService => 0 B
NetworkService => 11286 B
Mine => 3121091 B
Administrator => 18586501 B
 
RecycleBin => 285053 B
EmptyTemp: => 85.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:50:59 ====
 
FRST scan -
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-07-2017
Ran by Administrator (administrator) on MINE-PC (11-07-2017 18:05:07)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(ITSamples.com) C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-10]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF Extension: (No Name) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [not found]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-07-05]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 wk; C:\WINDOWS\Debug\wk\mscorsvw.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX™)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-11 18:05 - 2017-07-11 18:05 - 00012018 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-11 18:04 - 2017-07-11 18:04 - 00017438 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-11 17:48 - 2017-07-11 17:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 17:48 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-11 17:45 - 2017-07-11 17:45 - 00032142 _____ C:\Users\Administrator\Desktop\mb-clean-results.txt
2017-07-10 21:22 - 2017-07-10 21:22 - 00001931 _____ C:\Users\Public\Desktop\Zoom Player FREE.lnk
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Bass Audio Decoder
2017-07-10 21:21 - 2017-07-10 21:49 - 00000000 ____D C:\ProgramData\Zoom Player
2017-07-10 21:21 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Zoom Player
2017-07-10 14:57 - 2017-07-10 14:57 - 00002021 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-10 14:56 - 2017-07-10 12:34 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2017-07-10 14:51 - 2017-07-10 14:55 - 00000000 ____D C:\AdwCleaner
2017-07-10 14:49 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2017-07-10 13:50 - 2017-07-11 18:05 - 00000000 ____D C:\FRST
2017-07-10 13:50 - 2017-07-10 13:50 - 00009043 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 _RSHD C:\Windows\tasksche.exe
2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 _RSHD C:\Windows\mssecsvc.exe
2017-07-10 13:49 - 2017-07-10 00:46 - 01782784 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-10 12:49 - 2017-07-10 12:49 - 00001153 _____ C:\DelFix.txt
2017-07-10 12:49 - 2017-07-10 12:49 - 00000000 ____D C:\Windows\ERUNT
2017-07-10 00:17 - 2014-05-15 04:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-10 00:17 - 2014-05-15 04:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-10 00:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-10 00:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-09 20:53 - 2017-07-10 13:14 - 00000000 ____D C:\KVRT_Data
2017-07-09 20:49 - 2017-07-09 20:40 - 114377696 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\KVRT_3.exe
2017-07-09 15:35 - 2017-07-09 15:35 - 00028672 _____ C:\Windows\system32\73db5414.rdb
2017-07-09 13:40 - 2017-07-09 13:40 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-09 13:37 - 2011-06-03 18:01 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-07-09 13:37 - 2011-06-03 17:56 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-07-09 13:37 - 2011-05-14 18:26 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00001528 _____ C:\Windows\system32\DBAE3A9A.cfg
2017-07-09 13:37 - 2011-05-14 18:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-09 13:15 - 2017-07-09 15:17 - 00000000 ____D C:\EEK
2017-07-09 12:47 - 2017-07-10 12:11 - 00000000 ____D C:\Windows\erdnt
2017-07-07 00:08 - 2017-07-07 00:08 - 14554768 _____ (Copyright 2017.) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Portable.exe
2017-07-06 23:13 - 2017-07-06 23:14 - 00000000 ____D C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair
2017-07-06 10:51 - 2017-07-06 10:54 - 00644402 _____ C:\Users\Administrator\Downloads\ht4zl.WinThruster.1.79.69.2469.Multilingual.rar
2017-07-06 10:23 - 2017-07-06 10:23 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Program Files\ESET
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 15:18 - 2017-07-04 15:18 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-01 21:28 - 2017-07-11 18:05 - 00042558 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-11 18:05 - 00012286 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-07 23:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00002117 _____ C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-07-10 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-07-10 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-09 15:14 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-11 18:02 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-11 18:00 - 2017-02-28 17:41 - 01433188 _____ C:\Windows\ntbtlog.txt
2017-07-11 17:59 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-11 17:59 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-11 17:59 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-11 17:59 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-11 17:53 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-11 17:53 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-11 15:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\rescache
2017-07-11 12:50 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-10 13:50 - 2017-04-01 14:25 - 00000000 ____D C:\Program Files\Bookmark Buddy Unicode
2017-07-10 13:32 - 2010-11-21 09:01 - 00779086 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-10 13:32 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-09 15:14 - 2016-10-16 13:45 - 00000000 ____D C:\Program Files\DVDFab 9
2017-07-09 12:53 - 2009-07-14 14:04 - 00000215 _____ C:\Windows\system.ini
2017-07-07 21:48 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-03 16:03 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:58 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
 
==================== Files in the root of some directories =======
 
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd                                      ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-07-06 10:23 - 2017-07-06 10:23 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
2017-07-10 14:56 - 2017-07-10 21:21 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.dll
2017-07-10 14:09 - 2017-07-10 21:21 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\mssecsvc.exe
C:\Windows\tasksche.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 00:50
 
==================== End of FRST.txt ============================
 
FRST Addition scan -
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-07-2017
Ran by Administrator (11-07-2017 18:05:49)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version:  - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.70.1 (HKLM\...\lavfilters_is1) (Version: 0.70.1 - Hendrik Leppkes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 13.7 - Inmatrix LTD)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2017-07-05] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2016-10-06 23:28 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2017-06-19 12:05 - 2017-06-15 00:38 - 02946680 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libglesv2.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 00087160 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:04 - 2017-07-09 12:53 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{C7CAC6D3-0973-446D-836C-3F8346BE10FE}] => (Block) LPort=445
FirewallRules: [{C8BA7665-757D-4FE5-94D7-45FC15769B85}] => (Block) LPort=139
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2017 06:03:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={2785B475-546B-45E7-B3A0-CA586BEEE41E}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/11/2017 01:35:11 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4C47DAE0-B450-4D8D-8D05-F1D1C7F4D2A9}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/11/2017 12:33:31 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={331B852F-0BF5-4C7E-9DBE-E2B8D7AD3E18}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/11/2017 10:24:26 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7B0B8D6F-81B9-4B1A-BF4B-8BAB47521043}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/11/2017 10:23:55 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4AB86655-7F68-4617-A91C-AE5E9BF59E15}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/11/2017 08:21:07 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C8B14617-6540-4CD1-B67F-82B0080A6AC9}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/11/2017 08:20:37 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E437D8FA-B331-4EF4-A09F-5FBE1D31B893}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/10/2017 05:59:18 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E047C513-96A0-4B5F-BBE8-2364D33708FB}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/10/2017 05:58:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8037668D-411D-4A21-87D3-CEB45CBE9A18}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/10/2017 03:01:09 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={EE21D0D2-46D1-43F5-A359-F4D1B50DCBB5}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
 
System errors:
=============
Error: (07/11/2017 06:02:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/11/2017 06:02:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2966.14 MB
Available physical RAM: 1651.02 MB
Total Virtual: 5930.57 MB
Available Virtual: 4459.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:35.91 GB) (Free:13.42 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:18.3 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.82 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#4 RKinner (Malware Expert, MVP, 19,388 posts)

Looks like WMI is broken which is why MBAM can't run.

Let's check the registry entries for WMI:

Copy the next two lines:

    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt" /s > \junk.txt
    notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.
#5 brispuss (Topic Starter)

Here is the result of the reg query -

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt
    DisplayName    REG_SZ    Windows Management Instrumentation
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
    Description    REG_SZ    Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    ObjectName    REG_SZ    localSystem
    ErrorControl    REG_DWORD    0x0
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RPCSS
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000002000000140000000100000060EA00000100000060EA0000
    Group    REG_SZ    
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\wbem\WMIsvc.dll
    ServiceMain    REG_SZ    ServiceMain
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Security
    Security    REG_BINARY    01001480B4000000C4000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000500000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000000014008D010200010100000000000504000000000014008D01020001010000000000050600000001020000000000052000000020020000010100000000000512000000
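
A quick way to check a dump like the one above for tampering, as an added example that is not part of this thread and not a tool either poster used: the script below parses the `reg query ... /s` text and compares the Winmgmt values against their Windows 7 defaults (ImagePath, Start, Type, ObjectName, DependOnService, and Parameters\ServiceDll and ServiceMain, taken from a stock install). The dump above matches those defaults, so the service key itself is not what is broken. The Event ID 7001 text quoted earlier, "The executable program that this service is configured to run in does not implement the service", is Win32 error 1083 (ERROR_SERVICE_NOT_IN_EXE): the svchost process for the netsvcs group started, but the Winmgmt service never registered with it, which points at the ServiceDll failing to load or at Winmgmt missing from the netsvcs group list under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. The second function checks that list. Its sample input is constructed and abbreviated, and so is the hijacked-ServiceDll variant used to show what a finding looks like; the Fonts path in it is hypothetical.

```python
"""Triage a pasted `reg query ... /s` dump of the Winmgmt service key.

Added example for this thread (not a tool the posters used). It compares the
values posted above against Windows 7 defaults, and separately checks that
Winmgmt is a member of the svchost "netsvcs" group, the usual cause of the
Event 7001 "does not implement the service" (error 1083) message.
"""
import re

# Sample input: the dump posted in this thread, trimmed of the long binary values.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt
    DisplayName    REG_SZ    Windows Management Instrumentation
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
    ObjectName    REG_SZ    localSystem
    ErrorControl    REG_DWORD    0x0
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RPCSS
    ServiceSidType    REG_DWORD    0x1
    Group    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\wbem\WMIsvc.dll
    ServiceMain    REG_SZ    ServiceMain
"""

# Constructed variant: ServiceDll redirected to a hypothetical DLL in the Fonts folder.
TAMPERED = SAMPLE.replace(r"%SystemRoot%\system32\wbem\WMIsvc.dll",
                          r"C:\Windows\Fonts\WMIsvc.dll")

# Constructed, abbreviated output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /v netsvcs
# reg.exe prints REG_MULTI_SZ members separated by the two literal characters "\0".
NETSVCS_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
    netsvcs    REG_MULTI_SZ    AeLookupSvc\0BITS\0Schedule\0Winmgmt\0wuauserv
"""

KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\(.+)$")                      # key header lines
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*?)\s*$")   # "name  TYPE  data"

WINMGMT = r"system\currentcontrolset\services\winmgmt"
# Stock Windows 7 values; compared case-insensitively with env vars left unexpanded.
EXPECTED = {
    ("", "ImagePath"): r"%systemroot%\system32\svchost.exe -k netsvcs",
    ("", "ObjectName"): "localSystem",
    ("", "Start"): "0x2",          # Automatic
    ("", "Type"): "0x20",          # SERVICE_WIN32_SHARE_PROCESS (runs inside svchost)
    ("", "DependOnService"): "RPCSS",
    ("Parameters", "ServiceDll"): r"%SystemRoot%\system32\wbem\WMIsvc.dll",
    ("Parameters", "ServiceMain"): "ServiceMain",
}


def parse_reg_dump(text):
    """Return {(key_path_lower, value_name_lower): (type, data)} for one reg query dump."""
    values = {}
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, rtype, data = m.groups()
            values[(key, name.lower())] = (rtype, data)
    return values


def check_winmgmt(dump_text):
    """Compare the Winmgmt key against EXPECTED; an empty list means it looks stock."""
    values = parse_reg_dump(dump_text)
    findings = []
    for (sub, name), want in EXPECTED.items():
        key = WINMGMT + ("\\" + sub.lower() if sub else "")
        label = "Winmgmt" + ("\\" + sub if sub else "") + "\\" + name
        got = values.get((key, name.lower()))
        if got is None:
            findings.append(f"{label}: missing")
        elif got[1].lower() != want.lower():
            findings.append(f"{label}: is {got[1]!r}, expected {want!r}")
    return findings


def winmgmt_in_netsvcs(netsvcs_dump_text):
    """True if 'Winmgmt' is listed in the svchost netsvcs group (needed for svchost -k netsvcs)."""
    values = parse_reg_dump(netsvcs_dump_text)
    entry = values.get((r"software\microsoft\windows nt\currentversion\svchost", "netsvcs"))
    if entry is None:
        return False
    members = entry[1].split(r"\0")   # reg.exe's REG_MULTI_SZ separator
    return any(m.lower() == "winmgmt" for m in members)


if __name__ == "__main__":
    for f in check_winmgmt(SAMPLE) or ["Winmgmt key matches Windows 7 defaults"]:
        print(f)
    for f in check_winmgmt(TAMPERED):
        print("tampered sample:", f)
    print("Winmgmt listed in netsvcs:", winmgmt_in_netsvcs(NETSVCS_SAMPLE))
```

To use it on a real machine, paste the contents of \junk.txt in place of SAMPLE and the netsvcs query output in place of NETSVCS_SAMPLE. Anything other than an empty findings list, or False from winmgmt_in_netsvcs, is worth posting. A clean result while the 7001 event persists means the next place to look is the DLL on disk (%SystemRoot%\system32\wbem\WMIsvc.dll) and the WMI repository itself.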
#6 RKinner (Malware Expert, MVP)

Try Windows Repair all in one

Download it and save it then run it by right click and Run As Admin

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

Make sure these are checked before hitting Start:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections

Reboot when done.

Run a FRST scan again with Addition.txt checked and post both logs.
#7 brispuss (Topic Starter)

OK. Downloaded and ran the latest portable version of WRAIO (Windows Repair All In One).

Only set the above quoted five settings for repairing Windows. After repairing and re-booting, the repair seems to have worked! MBAM now runs! Thank you!!

Ran MBAM and it found 2 trojans which were quarantined.

A question. WRAIO is recommended to be run in Safe Mode (according to the program), but it was run in Normal Mode. When should this program be run in Safe Mode? And when should this program be run under Normal Mode?

FRST latest scans -

FRST scan -

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2017
Ran by Administrator (administrator) on MINE-PC (12-07-2017 16:55:01)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ITSamples.com) C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Inmatrix LTD) C:\Program Files\Zoom Player\zplayer.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-10]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF Extension: (No Name) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [not found]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-07-12]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 wk; C:\WINDOWS\Debug\wk\mscorsvw.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX™)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-12] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 16:54 - 2017-07-12 16:54 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-07-12 16:23 - 2017-07-12 16:43 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 16:17 - 2017-07-12 16:17 - 00000000 ____D C:\RegBackup
2017-07-12 16:16 - 2017-07-12 16:16 - 00000000 ____D C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair
2017-07-12 13:55 - 2017-07-12 13:55 - 00001676 _____ C:\junk.txt
2017-07-12 13:03 - 2017-07-12 13:03 - 00000000 ____D C:\PCHunter_free
2017-07-12 12:13 - 2017-07-12 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode
2017-07-11 18:05 - 2017-07-12 16:55 - 00012393 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-11 18:05 - 2017-07-11 18:05 - 00023892 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-07-11 18:04 - 2017-07-11 18:04 - 00017438 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-11 17:48 - 2017-07-11 17:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 17:48 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-11 17:45 - 2017-07-11 17:45 - 00032142 _____ C:\Users\Administrator\Desktop\mb-clean-results.txt
2017-07-10 21:22 - 2017-07-10 21:22 - 00001931 _____ C:\Users\Public\Desktop\Zoom Player FREE.lnk
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Bass Audio Decoder
2017-07-10 21:21 - 2017-07-12 16:52 - 00000000 ____D C:\ProgramData\Zoom Player
2017-07-10 21:21 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Zoom Player
2017-07-10 14:57 - 2017-07-10 14:57 - 00002021 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-10 14:56 - 2017-07-10 12:34 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2017-07-10 14:51 - 2017-07-10 14:55 - 00000000 ____D C:\AdwCleaner
2017-07-10 14:49 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2017-07-10 13:50 - 2017-07-12 16:55 - 00000000 ____D C:\FRST
2017-07-10 13:50 - 2017-07-10 13:50 - 00009043 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 _RSHD C:\Windows\tasksche.exe
2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 _RSHD C:\Windows\mssecsvc.exe
2017-07-10 13:49 - 2017-07-12 16:54 - 01780224 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-10 12:49 - 2017-07-10 12:49 - 00001153 _____ C:\DelFix.txt
2017-07-10 12:49 - 2017-07-10 12:49 - 00000000 ____D C:\Windows\ERUNT
2017-07-10 00:17 - 2014-05-15 04:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-10 00:17 - 2014-05-15 04:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-10 00:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-10 00:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-09 20:53 - 2017-07-10 13:14 - 00000000 ____D C:\KVRT_Data
2017-07-09 20:49 - 2017-07-09 20:40 - 114377696 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\KVRT_3.exe
2017-07-09 13:40 - 2017-07-09 13:40 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-09 13:37 - 2011-06-03 18:01 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-07-09 13:37 - 2011-06-03 17:56 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-07-09 13:37 - 2011-05-14 18:26 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00001528 _____ C:\Windows\system32\DBAE3A9A.cfg
2017-07-09 13:37 - 2011-05-14 18:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-09 13:15 - 2017-07-09 15:17 - 00000000 ____D C:\EEK
2017-07-09 12:47 - 2017-07-10 12:11 - 00000000 ____D C:\Windows\erdnt
2017-07-07 00:08 - 2017-07-07 00:08 - 14554768 _____ (Copyright 2017.) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Portable.exe
2017-07-06 10:51 - 2017-07-06 10:54 - 00644402 _____ C:\Users\Administrator\Downloads\ht4zl.WinThruster.1.79.69.2469.Multilingual.rar
2017-07-06 10:23 - 2017-07-06 10:23 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Program Files\ESET
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 15:18 - 2017-07-12 16:24 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-01 21:28 - 2017-07-12 16:55 - 00044269 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-12 16:55 - 00014119 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-07 23:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-07-10 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-07-10 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-09 15:14 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 16:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:47 - 2010-11-21 09:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 16:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-12 16:43 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 16:42 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-12 16:42 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 16:42 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 16:42 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 16:23 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 12:13 - 2017-04-01 14:25 - 00000983 _____ C:\Users\Mine\Desktop\Bookmark Buddy Unicode.lnk
2017-07-12 12:13 - 2017-04-01 14:25 - 00000983 _____ C:\Users\Administrator\Desktop\Bookmark Buddy Unicode.lnk
2017-07-12 12:13 - 2017-04-01 14:25 - 00000000 ____D C:\Program Files\Bookmark Buddy Unicode
2017-07-11 18:00 - 2017-02-28 17:41 - 01433188 _____ C:\Windows\ntbtlog.txt
2017-07-11 15:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\rescache
2017-07-11 12:50 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-09 15:14 - 2016-10-16 13:45 - 00000000 ____D C:\Program Files\DVDFab 9
2017-07-09 12:53 - 2009-07-14 14:04 - 00000215 _____ C:\Windows\system.ini
2017-07-07 21:48 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:58 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
 
==================== Files in the root of some directories =======
 
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd                                      ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-07-06 10:23 - 2017-07-06 10:23 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
2017-07-10 14:56 - 2017-07-10 21:21 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.dll
2017-07-10 14:09 - 2017-07-12 16:15 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\mssecsvc.exe
C:\Windows\tasksche.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 13:24
 
==================== End of FRST.txt ============================
 
FRST Addition scan -
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2017
Ran by Administrator (12-07-2017 16:55:15)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version:  - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.70.1 (HKLM\...\lavfilters_is1) (Version: 0.70.1 - Hendrik Leppkes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 13.7 - Inmatrix LTD)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2017-07-05] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2014-03-01 00:20 - 2014-03-01 00:20 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2016-10-06 23:28 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2017-06-19 12:05 - 2017-06-15 00:38 - 02946680 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libglesv2.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 00087160 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libegl.dll
2006-11-19 23:06 - 2006-11-19 23:06 - 00019456 _____ () C:\Program Files\Zoom Player\zpresampler.dll
2012-11-07 05:29 - 2012-11-07 05:29 - 00154112 _____ () C:\Program Files\Zoom Player\zpaudiovis.dll
2015-11-17 20:06 - 2015-11-17 20:06 - 00150528 _____ () C:\Program Files\Zoom Player\VideoGrabberDS_x86.dll
2017-07-10 21:22 - 2017-07-01 18:31 - 00280760 _____ () C:\Program Files\LAV Filters\x86\libbluray.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:04 - 2017-07-09 12:53 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{C7CAC6D3-0973-446D-836C-3F8346BE10FE}] => (Block) LPort=445
FirewallRules: [{C8BA7665-757D-4FE5-94D7-45FC15769B85}] => (Block) LPort=139
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Video Controller
Description: Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2017 04:45:15 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7D793CE7-9941-4F31-B787-7F23B2EB00F7}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/12/2017 04:44:44 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={34FCBA52-C5C8-4B23-BA7C-FFA5CBB43908}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/12/2017 04:21:22 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\AS.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:21:21 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\TSCFGWMI.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:21:00 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\VDS.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:21:00 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\VSS.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:20:56 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\MSI.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:20:56 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\NTEVT.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:20:56 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\WMIPJOBJ.MOF while recovering .MOF file marked with autorecover.
 
Error: (07/12/2017 04:20:55 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\WMIPIPRT.MOF while recovering .MOF file marked with autorecover.
 
 
System errors:
=============
Error: (07/12/2017 04:43:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wk service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/12/2017 04:23:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wk service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/12/2017 04:20:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/12/2017 11:56:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/12/2017 10:55:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/12/2017 10:55:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/12/2017 10:55:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/12/2017 10:55:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/12/2017 10:55:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/12/2017 10:55:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2966.14 MB
Available physical RAM: 1646.84 MB
Total Virtual: 5930.57 MB
Available Virtual: 4204.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:35.91 GB) (Free:13.36 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:18.27 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.82 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#8
RKinner

    Malware Expert

  • Expert
  • 19,388 posts
  • MVP

These days (win 8 and later) it's hard to get into Safe Mode so I don't bother with it unless WRAIO doesn't work the first time in regular mode.

Can you post the log from MBAM?

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   2.3KB   8 downloads
 
Run FRST and press Fix
A fix log will be generated, please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

#9
brispuss

    Member

  • Topic Starter
  • Member
  • 17 posts

MBAM log -

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/12/17
Scan Time: 4:25 PM
Log File: MBAM.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.0
Update Package Version: 1.0.0
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mine-PC\Administrator
 
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 138221
Threats Detected: 3
Threats Quarantined: 2
Time Elapsed: 16 min, 31 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\Comremoteaccess70, Quarantined, [24], [214866],1.0.0
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.TweakBit, C:\PROGRAM FILES\PC-REPAIR-KIT-SETUP.EXE, No Action By User, [1184], [340092],1.0.0
Trojan.Agent.Trace, C:\WINDOWS\SYSTEM32\73DB5414.RDB, Quarantined, [3189], [247913],1.0.0
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
FRST Fix log - (this is a HUGE file, so I've just attached the whole file instead of copying and pasting)
 
Attached File: Fixlog.txt (703.69KB, 8 downloads)
 
 
FRST scan -
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2017
Ran by Administrator (administrator) on MINE-PC (13-07-2017 12:48:30)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ITSamples.com) C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Edward Leigh) C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-10]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-07-12]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX™)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-13] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-13 12:41 - 2017-07-13 12:41 - 00001371 _____ C:\Users\Administrator\Desktop\MBAM.txt
2017-07-12 21:36 - 2017-07-12 21:36 - 00106449 _____ C:\Users\Administrator\Desktop\ZHPDiag.txt
2017-07-12 21:33 - 2017-07-12 21:33 - 00000872 _____ C:\Users\Administrator\Desktop\SALog.txt
2017-07-12 16:54 - 2017-07-12 16:54 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-07-12 16:23 - 2017-07-13 12:46 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 16:17 - 2017-07-12 16:17 - 00000000 ____D C:\RegBackup
2017-07-12 16:16 - 2017-07-12 16:16 - 00000000 ____D C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair
2017-07-12 13:55 - 2017-07-12 13:55 - 00001676 _____ C:\junk.txt
2017-07-12 13:03 - 2017-07-12 13:03 - 00000000 ____D C:\PCHunter_free
2017-07-12 12:13 - 2017-07-12 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode
2017-07-11 18:05 - 2017-07-13 12:48 - 00011381 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-11 18:05 - 2017-07-12 16:55 - 00024337 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-07-11 18:04 - 2017-07-11 18:04 - 00017438 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-11 17:48 - 2017-07-11 17:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 17:48 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-11 17:45 - 2017-07-11 17:45 - 00032142 _____ C:\Users\Administrator\Desktop\mb-clean-results.txt
2017-07-10 21:22 - 2017-07-10 21:22 - 00001931 _____ C:\Users\Public\Desktop\Zoom Player FREE.lnk
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Bass Audio Decoder
2017-07-10 21:21 - 2017-07-12 21:09 - 00000000 ____D C:\ProgramData\Zoom Player
2017-07-10 21:21 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Zoom Player
2017-07-10 14:57 - 2017-07-10 14:57 - 00002021 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-10 14:56 - 2017-07-10 12:34 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2017-07-10 14:51 - 2017-07-10 14:55 - 00000000 ____D C:\AdwCleaner
2017-07-10 14:49 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2017-07-10 13:50 - 2017-07-13 12:48 - 00000000 ____D C:\FRST
2017-07-10 13:50 - 2017-07-13 12:45 - 00720574 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2017-07-10 13:49 - 2017-07-12 16:54 - 01780224 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-10 12:49 - 2017-07-10 12:49 - 00001153 _____ C:\DelFix.txt
2017-07-10 12:49 - 2017-07-10 12:49 - 00000000 ____D C:\Windows\ERUNT
2017-07-10 00:17 - 2014-05-15 04:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-10 00:17 - 2014-05-15 04:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-10 00:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-10 00:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-09 20:53 - 2017-07-10 13:14 - 00000000 ____D C:\KVRT_Data
2017-07-09 20:49 - 2017-07-09 20:40 - 114377696 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\KVRT_3.exe
2017-07-09 13:40 - 2017-07-09 13:40 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-09 13:37 - 2011-06-03 18:01 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-07-09 13:37 - 2011-06-03 17:56 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-07-09 13:37 - 2011-05-14 18:26 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00001528 _____ C:\Windows\system32\DBAE3A9A.cfg
2017-07-09 13:37 - 2011-05-14 18:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-09 13:15 - 2017-07-09 15:17 - 00000000 ____D C:\EEK
2017-07-09 12:47 - 2017-07-10 12:11 - 00000000 ____D C:\Windows\erdnt
2017-07-07 00:08 - 2017-07-07 00:08 - 14554768 _____ (Copyright 2017.) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Portable.exe
2017-07-06 10:51 - 2017-07-06 10:54 - 00644402 _____ C:\Users\Administrator\Downloads\ht4zl.WinThruster.1.79.69.2469.Multilingual.rar
2017-07-06 10:23 - 2017-07-06 10:23 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Program Files\ESET
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 15:18 - 2017-07-12 16:24 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-01 21:28 - 2017-07-13 12:48 - 00041874 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-13 12:48 - 00011678 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-07 23:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-07-12 21:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-07-12 21:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-09 15:14 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-13 12:46 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-13 12:45 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-13 12:45 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-13 12:45 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 21:34 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-07-12 16:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:47 - 2010-11-21 09:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 16:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-12 16:42 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-12 16:23 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 12:13 - 2017-04-01 14:25 - 00000983 _____ C:\Users\Mine\Desktop\Bookmark Buddy Unicode.lnk
2017-07-12 12:13 - 2017-04-01 14:25 - 00000983 _____ C:\Users\Administrator\Desktop\Bookmark Buddy Unicode.lnk
2017-07-12 12:13 - 2017-04-01 14:25 - 00000000 ____D C:\Program Files\Bookmark Buddy Unicode
2017-07-11 18:00 - 2017-02-28 17:41 - 01433188 _____ C:\Windows\ntbtlog.txt
2017-07-11 15:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\rescache
2017-07-11 12:50 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-09 15:14 - 2016-10-16 13:45 - 00000000 ____D C:\Program Files\DVDFab 9
2017-07-09 12:53 - 2009-07-14 14:04 - 00000215 _____ C:\Windows\system.ini
2017-07-07 21:48 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
 
==================== Files in the root of some directories =======
 
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd                                      ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-07-06 10:23 - 2017-07-06 10:23 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 13:24
 
==================== End of FRST.txt ============================
 
 
FRST Addition scan -
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2017
Ran by Administrator (13-07-2017 12:48:52)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version:  - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.70.1 (HKLM\...\lavfilters_is1) (Version: 0.70.1 - Hendrik Leppkes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 13.7 - Inmatrix LTD)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2017-07-05] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2014-03-01 00:20 - 2014-03-01 00:20 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2016-10-06 23:28 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:04 - 2017-07-09 12:53 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{C7CAC6D3-0973-446D-836C-3F8346BE10FE}] => (Block) LPort=445
FirewallRules: [{C8BA7665-757D-4FE5-94D7-45FC15769B85}] => (Block) LPort=139
 
==================== Restore Points =========================
 
12-07-2017 22:26:51 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Video Controller
Description: Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2017 12:47:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5F44CE1D-1EA2-4E13-A14C-3990A740BBFE}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/13/2017 12:45:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6aabc
Faulting module name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6aabc
Exception code: 0x40000015
Fault offset: 0x001b1828
Faulting process id: 0xb74
Faulting application start time: 0x01d2fb714207d879
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 88afd4a2-6764-11e7-beee-bc5ff447e4a8
 
 
System errors:
=============
Error: (07/13/2017 12:45:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (07/13/2017 12:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/13/2017 12:45:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Malwarebytes Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 2966.14 MB
Available physical RAM: 1952.72 MB
Total Virtual: 5930.57 MB
Available Virtual: 4821.4 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:35.91 GB) (Free:12.49 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:17.99 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.82 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0
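An added Python example, not code from the thread or from FRST itself, that parses the file-list lines of the FRST.txt above into dated records with their attribute letters, so entries can be filtered by date, flags or location instead of being scanned by eye. The flag letters are treated as an opaque set (the log shows H, S, R and D); the sample lines are copied from the posted log.

```python
"""Parser for Farbar Recovery Scan Tool (FRST) file-list lines.

Added example for this thread; it is not part of FRST and not code posted
by either participant.  The line shape is taken from the FRST.txt posted
above.  The five-character attribute field is treated as an opaque set of
letters (the posted log shows H, S, R and D); nothing more is assumed.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# A file-list line has the shape
#   <date1> - <date2> - <size> <flags> [(<company>)] <drive>:\<path>
# In the posted "One Month Modified" section the first column is the
# newer date and the second the older one (e.g. the 2009 install dates).
_LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<flags>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
_DATE_FMT = "%Y-%m-%d %H:%M"


class FrstEntry(NamedTuple):
    first_date: datetime
    second_date: datetime
    size: int
    flags: frozenset          # letters present in the attribute field
    company: Optional[str]    # text inside "(...)" when present and non-empty
    path: str


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for a file-list line, or None for any other line."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" means no company string
    return FrstEntry(
        first_date=datetime.strptime(m.group("d1"), _DATE_FMT),
        second_date=datetime.strptime(m.group("d2"), _DATE_FMT),
        size=int(m.group("size")),
        flags=frozenset(c for c in m.group("flags") if c != "_"),
        company=company,
        path=m.group("path"),
    )


def parse_frst_text(text: str) -> List[FrstEntry]:
    """Parse every file-list line in a block of FRST output; section headers
    and notes are skipped because they do not match the line shape."""
    entries = (parse_frst_line(ln) for ln in text.splitlines())
    return [e for e in entries if e is not None]


def with_flags(entries, wanted: str) -> List[FrstEntry]:
    """Entries whose attribute field contains every letter in `wanted`."""
    want = set(wanted)
    return [e for e in entries if want <= e.flags]


def changed_since(entries, since_iso: str) -> List[FrstEntry]:
    """Entries with either date on or after `since_iso` (YYYY-MM-DD)."""
    since = datetime.strptime(since_iso, "%Y-%m-%d")
    return [e for e in entries if max(e.first_date, e.second_date) >= since]


def under_prefix(entries, prefix: str) -> List[FrstEntry]:
    """Entries whose path starts with `prefix`, compared case-insensitively."""
    p = prefix.lower()
    return [e for e in entries if e.path.lower().startswith(p)]


# Sample input: lines copied from the FRST.txt posted in this thread,
# together with a section header and note so the skipping is exercised.
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-13 12:46 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 16:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd          ) C:\Program Files\pc-repair-kit-setup.exe
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
"""


def summarize(text: str = SAMPLE_LOG) -> dict:
    """Counts a reader might want before going through a log by hand."""
    entries = parse_frst_text(text)
    return {
        "total": len(entries),
        "hidden": len(with_flags(entries, "H")),
        "system_hidden": len(with_flags(entries, "SH")),
        "directories": len(with_flags(entries, "D")),
        "user_profile": len(under_prefix(entries, "C:\\Users\\")),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```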

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,388 posts
  • MVP

Right click on Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.


  • 0

#11
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

OK. Actually I only have "Show Hidden Devices"; there is no "Show Hidden Drivers" that I can see.

 

There are three devices listed with yellow flags under "Other devices" within Device Manager -

 

 

PCI\VEN_8086&DEV_1E3A&SUBSYS_1E3A1849&REV_04
 
ACPI\INT33A0
 
PCI\VEN_8086&DEV_0162&SUBSYS_01621849&REV_09
 

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,388 posts
  • MVP
PCI\VEN_8086&DEV_1E3A&SUBSYS_1E3A1849&REV_04 - Intel® Management Engine Interface - not needed
 
ACPI\INT33A0 - Intel® Smart Connect Technology - not needed 
 
PCI\VEN_8086&DEV_0162&SUBSYS_01621849&REV_09 - Intel® HD Graphics 4000 If you aren't using the built-in video then also not needed.
 
I would right click on each and Disable.
 
You have:
 
MSCONFIG\Services: wuauserv => 2

 

 
This is Windows Update.  Best to let it run.
 
Do you know what this is?

Error: (07/13/2017 12:47:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5F44CE1D-1EA2-4E13-A14C-3990A740BBFE}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 

 

 

 
Unless you put this in, search for services.msc and hit Enter.
 
Find Remote Access Auto Connection Manager and right click on it and select Properties.  Make sure the Startup Type: is Manual not automatic.  If it has Manual and is running then change it to Disabled.

  • 0

#13
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thanks!

 

All three devices have now been disabled.

 

I'm on a dial-up internet connection. The error 691 occurs often (as of some months ago) whenever I try to connect to the internet. Error 691 returns the message "Access denied because username and/or password is invalid on the domain". This is nonsense, since my username and password are correct. It may take up to 6 dial-up attempts to get a successful connection now. But on odd occasion I may have to reboot my computer after about 8 dial-up attempts which resulted in failure to connect (error 691). Previously I could usually connect successfully on the first dial-up attempt. I've tried reinstalling modem drivers and retyping username/password, but with little or no improvement; still get 691 errors.

 

I'm presuming there is some issue with my ISP, especially as I know someone else who is also having the same dial-up difficulties with the same ISP.

 

 

Remote Access Auto Connection Manager is set on "Manual" for Start Up Type, and is shown as null (it is not running).

 

Regarding Windows updating, I think I've disabled this intentionally because I'm on a slow internet connection and some updated files are huge and can take literally hours to download. This also ties up my computer and virtually prevents using it for other things. And there is no guarantee the downloads will be successful either due to drop-outs or whatever, and which would then require attempts at re-downloading files again.


Edited by brispuss, 12 July 2017 - 08:51 PM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,388 posts
  • MVP

I would try turning on Windows Update at night before you go to bed and leave it up while you sleep.  

 

You only have the free version of MBAM (I think) and Windows Defender gets its updates from Windows Update so it's not up to date.  I would install the free Avast.

 

Click on Download then choose the free version.
 
 
Download, Save, and right click and Run As Administrator.
 
Once it's installed and updated then let it run a boot-time scan while you sleep to make sure we got all of the malware (not the same night you turn on Windows Update).
 
 
Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
 
  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done. If you don't want to keep Avast you can uninstall it after the boot-time scan.
 
 
You should complain to the ISP about the 691 errors.  If you need backup turn on tracing.  I think it should be PPP where the problem is so open a Command Prompt and type:
 
netsh ras set tracing ppp enable

This should create a log file:  c:\windows\tracing\ppp.log

This is a hidden location so you will need to tell Windows to let you see it:
 
 
Turn it off once you capture a 691 error.  
 
You had MBAM errors the last boot so go into services.msc again and make sure the Malwarebytes Service is running.
 
  • 0

#15
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Avast Free Antivirus has been downloaded and installed. A (basic) scan was done, but with nothing to report. The boot scan will be attempted later.

 

MalwareBytes service is definitely running (ie "started"; I checked via services.msc), and Startup Type is "Automatic".

 

I'll do a trace ppp shortly, and see what happens.


  • 0





