OK. Downloaded and ran the latest portable version of WRAIO (Windows Repair All In One).
Only set the above quoted five settings for repairing Windows. After repairing, and re-booting, the repair seems to have worked! MBAM now runs! Thank you!!
Ran MBAM and it found 2 trojans which were quarantined.
A question. WRAIO is recommended to be run in Safe Mode (according to the program), but it was run in Normal Mode. When should this program be run in Safe Mode? And when should this program be run under Normal Mode?
FRST latest scans -
FRST scan -
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2017
Ran by Administrator (administrator) on MINE-PC (12-07-2017 16:55:01)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ITSamples.com) C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Inmatrix LTD) C:\Program Files\Zoom Player\zplayer.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-10]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\[email protected] [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF Extension: (No Name) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [not found]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-07-12]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 wk; C:\WINDOWS\Debug\wk\mscorsvw.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-12] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-12 16:54 - 2017-07-12 16:54 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-07-12 16:23 - 2017-07-12 16:43 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 16:17 - 2017-07-12 16:17 - 00000000 ____D C:\RegBackup
2017-07-12 16:16 - 2017-07-12 16:16 - 00000000 ____D C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair
2017-07-12 13:55 - 2017-07-12 13:55 - 00001676 _____ C:\junk.txt
2017-07-12 13:03 - 2017-07-12 13:03 - 00000000 ____D C:\PCHunter_free
2017-07-12 12:13 - 2017-07-12 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode
2017-07-11 18:05 - 2017-07-12 16:55 - 00012393 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-11 18:05 - 2017-07-11 18:05 - 00023892 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-07-11 18:04 - 2017-07-11 18:04 - 00017438 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-11 17:48 - 2017-07-11 17:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 17:48 - 2017-07-11 17:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 17:48 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-11 17:45 - 2017-07-11 17:45 - 00032142 _____ C:\Users\Administrator\Desktop\mb-clean-results.txt
2017-07-10 21:22 - 2017-07-10 21:22 - 00001931 _____ C:\Users\Public\Desktop\Zoom Player FREE.lnk
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\LAV Filters
2017-07-10 21:22 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Bass Audio Decoder
2017-07-10 21:21 - 2017-07-12 16:52 - 00000000 ____D C:\ProgramData\Zoom Player
2017-07-10 21:21 - 2017-07-10 21:22 - 00000000 ____D C:\Program Files\Zoom Player
2017-07-10 14:57 - 2017-07-10 14:57 - 00002021 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-10 14:56 - 2017-07-10 12:34 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2017-07-10 14:51 - 2017-07-10 14:55 - 00000000 ____D C:\AdwCleaner
2017-07-10 14:49 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2017-07-10 13:50 - 2017-07-12 16:55 - 00000000 ____D C:\FRST
2017-07-10 13:50 - 2017-07-10 13:50 - 00009043 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 _RSHD C:\Windows\tasksche.exe
2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 _RSHD C:\Windows\mssecsvc.exe
2017-07-10 13:49 - 2017-07-12 16:54 - 01780224 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-10 12:49 - 2017-07-10 12:49 - 00001153 _____ C:\DelFix.txt
2017-07-10 12:49 - 2017-07-10 12:49 - 00000000 ____D C:\Windows\ERUNT
2017-07-10 00:17 - 2014-05-15 04:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-10 00:17 - 2014-05-15 04:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-07-10 00:17 - 2014-05-15 04:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-10 00:17 - 2014-05-15 04:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-10 00:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-10 00:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-09 20:53 - 2017-07-10 13:14 - 00000000 ____D C:\KVRT_Data
2017-07-09 20:49 - 2017-07-09 20:40 - 114377696 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\KVRT_3.exe
2017-07-09 13:40 - 2017-07-09 13:40 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-09 13:37 - 2011-06-03 18:01 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-07-09 13:37 - 2011-06-03 17:56 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-07-09 13:37 - 2011-05-14 18:26 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-09 13:37 - 2011-05-14 18:26 - 00001528 _____ C:\Windows\system32\DBAE3A9A.cfg
2017-07-09 13:37 - 2011-05-14 18:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-09 13:37 - 2011-05-14 16:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-09 13:15 - 2017-07-09 15:17 - 00000000 ____D C:\EEK
2017-07-09 12:47 - 2017-07-10 12:11 - 00000000 ____D C:\Windows\erdnt
2017-07-07 00:08 - 2017-07-07 00:08 - 14554768 _____ (Copyright 2017.) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Portable.exe
2017-07-06 10:51 - 2017-07-06 10:54 - 00644402 _____ C:\Users\Administrator\Downloads\ht4zl.WinThruster.1.79.69.2469.Multilingual.rar
2017-07-06 10:23 - 2017-07-06 10:23 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Program Files\ESET
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 15:18 - 2017-07-12 16:24 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-01 21:28 - 2017-07-12 16:55 - 00044269 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-12 16:55 - 00014119 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-07 23:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-07-10 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-07-10 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-09 15:14 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-12 16:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:47 - 2010-11-21 09:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 16:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-12 16:43 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 16:42 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-12 16:42 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 16:42 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 16:42 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-12 16:23 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 12:13 - 2017-04-01 14:25 - 00000983 _____ C:\Users\Mine\Desktop\Bookmark Buddy Unicode.lnk
2017-07-12 12:13 - 2017-04-01 14:25 - 00000983 _____ C:\Users\Administrator\Desktop\Bookmark Buddy Unicode.lnk
2017-07-12 12:13 - 2017-04-01 14:25 - 00000000 ____D C:\Program Files\Bookmark Buddy Unicode
2017-07-11 18:00 - 2017-02-28 17:41 - 01433188 _____ C:\Windows\ntbtlog.txt
2017-07-11 15:47 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\rescache
2017-07-11 12:50 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-09 15:14 - 2016-10-16 13:45 - 00000000 ____D C:\Program Files\DVDFab 9
2017-07-09 12:53 - 2009-07-14 14:04 - 00000215 _____ C:\Windows\system.ini
2017-07-07 21:48 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:58 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
==================== Files in the root of some directories =======
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-07-06 10:23 - 2017-07-06 10:23 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
Some files in TEMP:
====================
2017-07-10 14:56 - 2017-07-10 21:21 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.dll
2017-07-10 14:09 - 2017-07-12 16:15 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.exe
Some zero byte size files/folders:
==========================
C:\Windows\mssecsvc.exe
C:\Windows\tasksche.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-12 13:24
==================== End of FRST.txt ============================
FRST Addition scan -
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2017
Ran by Administrator (12-07-2017 16:55:15)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version: - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version: - )
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version: - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version: - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version: - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version: - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version: - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.70.1 (HKLM\...\lavfilters_is1) (Version: 0.70.1 - Hendrik Leppkes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version: - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version: - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 13.7 - Inmatrix LTD)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2017-07-05] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2014-03-01 00:20 - 2014-03-01 00:20 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2016-10-06 23:28 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2017-06-19 12:05 - 2017-06-15 00:38 - 02946680 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libglesv2.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 00087160 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libegl.dll
2006-11-19 23:06 - 2006-11-19 23:06 - 00019456 _____ () C:\Program Files\Zoom Player\zpresampler.dll
2012-11-07 05:29 - 2012-11-07 05:29 - 00154112 _____ () C:\Program Files\Zoom Player\zpaudiovis.dll
2015-11-17 20:06 - 2015-11-17 20:06 - 00150528 _____ () C:\Program Files\Zoom Player\VideoGrabberDS_x86.dll
2017-07-10 21:22 - 2017-07-01 18:31 - 00280760 _____ () C:\Program Files\LAV Filters\x86\libbluray.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36951750.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 14:04 - 2017-07-09 12:53 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{C7CAC6D3-0973-446D-836C-3F8346BE10FE}] => (Block) LPort=445
FirewallRules: [{C8BA7665-757D-4FE5-94D7-45FC15769B85}] => (Block) LPort=139
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/12/2017 04:45:15 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7D793CE7-9941-4F31-B787-7F23B2EB00F7}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
Error: (07/12/2017 04:44:44 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={34FCBA52-C5C8-4B23-BA7C-FFA5CBB43908}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
Error: (07/12/2017 04:21:22 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\AS.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:21:21 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\TSCFGWMI.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:21:00 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\VDS.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:21:00 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\VSS.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:20:56 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\MSI.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:20:56 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\NTEVT.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:20:56 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\WMIPJOBJ.MOF while recovering .MOF file marked with autorecover.
Error: (07/12/2017 04:20:55 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x80041002 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\WMIPIPRT.MOF while recovering .MOF file marked with autorecover.
System errors:
=============
Error: (07/12/2017 04:43:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wk service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/12/2017 04:23:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wk service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/12/2017 04:20:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (07/12/2017 11:56:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (07/12/2017 10:55:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (07/12/2017 10:55:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (07/12/2017 10:55:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (07/12/2017 10:55:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (07/12/2017 10:55:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (07/12/2017 10:55:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.
==================== Memory info ===========================
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2966.14 MB
Available physical RAM: 1646.84 MB
Total Virtual: 5930.57 MB
Available Virtual: 4204.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:35.91 GB) (Free:13.36 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:18.27 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.82 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================