Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC windows 7 is slowing down and sometimes shut down by itself

Windows7

  • Please log in to reply

#1
alisonmunandar

alisonmunandar

    Member

  • Member
  • PipPip
  • 49 posts
I have a problem with my PC...recently it load longer than usual and sometimes freezed and shut down by itself. Any help will be appreciated. Thank you
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,814 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

 

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
67.0.3396.87_66.0.3359.181_chrome_updater.exe        1,624 K    1,708 K    2336    Google Chrome Installer    Google Inc.    (Verified) Google Inc
armsvc.exe        1,220 K    4,240 K    1940    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
atieclxx.exe        2,868 K    8,352 K    3056    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe        1,544 K    4,704 K    1036    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
lsm.exe        2,832 K    4,888 K    796    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
mDNSResponder.exe        2,680 K    6,532 K    672    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
msseces.exe        7,208 K    15,868 K    3036    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
NisSrv.exe        14,880 K    8,648 K    2732    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
notepad.exe        2,076 K    7,204 K    5336    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
nusb3mon.exe        1,780 K    5,624 K    1684    AMD USB 3.0 Device Detector    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
PresentationFontCache.exe        35,232 K    35,272 K    5452    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
procexp.exe        2,328 K    7,896 K    3816    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
RAVCpl64.exe        8,712 K    11,412 K    2076    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
setup.exe        3,256 K    5,628 K    2340    Google Chrome Installer    Google Inc.    (Verified) Google Inc
smss.exe        556 K    1,336 K    300    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,976 K    12,916 K    1804    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
SpotifyWebHelper.exe        1,584 K    5,476 K    2004    SpotifyWebHelper    Spotify Ltd    (Verified) Spotify AB
sppsvc.exe        2,648 K    8,852 K    3124    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
SSScheduler.exe        1,460 K    4,192 K    4116    McAfee Security Scanner Scheduler    McAfee, Inc.    (Verified) McAfee
svchost.exe        2,040 K    6,120 K    2080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,268 K    6,292 K    6984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,764 K    11,896 K    5588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,504 K    7,016 K    6848    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,068 K    5,980 K    3768    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        44,044 K    48,372 K    1292    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TunnelBear.Maintenance.exe        23,084 K    37,008 K    2116    TunnelBear.Maintenance        (Verified) TunnelBear
unsecapp.exe        1,832 K    5,776 K    4556    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
Wacom_Tablet.exe        9,628 K    21,824 K    3464    Tablet Service for professional driver    Wacom Technology, Corp.    (Verified) Wacom Technology Corporation
Wacom_TabletUser.exe        1,924 K    5,960 K    3360    Tablet user module for professional driver    Wacom Technology, Corp.    (Verified) Wacom Technology Corporation
Wacom_TouchUser.exe        4,480 K    13,100 K    3484    Touch User Mode Driver    Wacom Technology, Corp.    (Verified) Wacom Technology Corporation
WacomHost.exe        1,668 K    6,664 K    3368    Wacom Load Agent    Wacom Technology    (Verified) Wacom Technology Corp.
wininit.exe        1,688 K    4,872 K    660    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,384 K    7,968 K    760    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,692 K    6,884 K    2200    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        7,904 K    15,040 K    2656    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WTabletServicePro.exe        1,680 K    5,292 K    1468    Tablet Service    Wacom Technology, Corp.    (Verified) Wacom Technology Corporation
wuauclt.exe        2,288 K    7,672 K    5372    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
iTunesHelper.exe    < 0.01    4,672 K    13,820 K    3012    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
rundll32.exe    < 0.01    2,536 K    6,556 K    6516    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    < 0.01    6,872 K    3,148 K    4864    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
Lavasoft.WCAssistant.WinService.exe    < 0.01    38,052 K    44,300 K    2292    SPWindowsService        (Verified) Lavasoft Software Canada
svchost.exe    < 0.01    6,676 K    11,316 K    5912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    6,756 K    13,000 K    1408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    29,456 K    35,288 K    1536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AAM Updates Notifier.exe    < 0.01    7,480 K    6,912 K    6192    AAM Updates Notifier Application    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
DTLService.exe    < 0.01    7,552 K    12,952 K    2028    驱动人生服务    深圳市驱动人生软件技术有限公司    (A certificate chain could not be built to a trusted root authority) 深圳市驱动人生软件技术有限公司
taskhost.exe    < 0.01    13,440 K    15,856 K    3292    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
VSSVC.exe    < 0.01    8,800 K    14,916 K    6532    Microsoft® Volume Shadow Copy Service    Microsoft Corporation    (Verified) Microsoft Windows
EvernoteClipper.exe    < 0.01    3,132 K    7,268 K    4184    Evernote Clipper    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063    (Verified) EVERNOTE CORPORATION
slui.exe    < 0.01    3,532 K    11,672 K    6900    Windows Activation Client    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    < 0.01    5,028 K    12,696 K    788    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    14,276 K    26,648 K    1140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    < 0.01    4,024 K    11,488 K    1964    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
iPodService.exe    < 0.01    2,408 K    7,500 K    3076    iPodService Module (64-bit)    Apple Inc.    (Verified) Apple Inc.
firefox.exe    < 0.01    49,740 K    52,012 K    5276    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    < 0.01    2,712 K    5,344 K    584    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    5,464 K    9,500 K    996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    < 0.01    74,332 K    86,936 K    6596    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
WebCompanion.exe    0.02    90,088 K    84,744 K    3680    Web Companion    Lavasoft    (Verified) Lavasoft Software Canada
SearchIndexer.exe    0.02    40,540 K    39,720 K    3892    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
WkSvMgr.exe    0.02    5,076 K    11,256 K    4144    WkSvMgr    WIBU-SYSTEMS AG    (Verified) WIBU-SYSTEMS AG
svchost.exe    0.03    22,164 K    24,600 K    1076    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.04    7,172 K    10,824 K    728    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.06    49,176 K    72,932 K    4056    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.06    634,112 K    360,800 K    1172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.10    12,992 K    17,220 K    1832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
GoogleUpdate.exe    0.10    2,744 K    2,060 K    5400    Google Installer    Google Inc.    (Verified) Google Inc
svchost.exe    0.13    5,260 K    10,872 K    900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.19    3,280 K    11,028 K    684    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
GoogleUpdate.exe    0.25    10,440 K    17,712 K    3228    Google Installer    Google Inc.    (Verified) Google Inc
svchost.exe    0.28    218,992 K    229,372 K    1108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TWCU.exe    0.28    11,524 K    21,280 K    4164            (No signature was present in the subject)
DriveTheLife.exe    0.30    32,544 K    15,868 K    4672    驱动人生    深圳市驱动人生软件技术有限公司    (A certificate chain could not be built to a trusted root authority) 深圳市驱动人生软件技术有限公司
AvastUI.exe    0.34    18,328 K    30,664 K    4604    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
firefox.exe    0.43    36,936 K    50,264 K    6172    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.57    204,096 K    278,360 K    5856    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    0.58    33,264 K    33,812 K    4048    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    0.79    256 K    7,448 K    4            
Interrupts    0.91    0 K    0 K    n/a    Hardware Interrupts and DPCs        
MsMpEng.exe    1.09    155,116 K    206,848 K    328    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
procexp64.exe    1.52    33,076 K    56,156 K    2548    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    1.80    211,688 K    242,668 K    3764    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
setup.exe    5.36    13,068 K    24,984 K    6328    Google Chrome Installer    Google Inc.    (Verified) Google Inc
AvastSvc.exe    9.12    76,232 K    54,256 K    1644    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
System Idle Process    75.54    0 K    24 K    0            

 


  • 0

#4
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       300 N/A                                         
csrss.exe                      584 N/A                                         
wininit.exe                    660 N/A                                         
csrss.exe                      684 N/A                                         
services.exe                   728 N/A                                         
winlogon.exe                   760 N/A                                         
lsass.exe                      788 KeyIso, SamSs                               
lsm.exe                        796 N/A                                         
svchost.exe                    900 DcomLaunch, PlugPlay, Power                 
svchost.exe                    996 RpcEptMapper, RpcSs                         
MsMpEng.exe                    328 MsMpSvc                                     
atiesrxx.exe                  1036 AMD External Events Utility                 
svchost.exe                   1076 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1108 AudioEndpointBuilder, CscService, hidserv,  
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc,      
                                   wudfsvc                                     
svchost.exe                   1140 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
svchost.exe                   1172 AeLookupSvc, Appinfo, BITS, Browser,        
                                   EapHost, gpsvc, IKEEXT, iphlpsvc,           
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
TrustedInstaller.exe          1292 TrustedInstaller                            
WTabletServicePro.exe         1468 WTabletServicePro                           
svchost.exe                   1536 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AvastSvc.exe                  1644 avast! Antivirus                            
spoolsv.exe                   1804 Spooler                                     
svchost.exe                   1832 BFE, DPS, MpsSvc                            
armsvc.exe                    1940 AdobeARMservice                             
AppleMobileDeviceService.     1964 Apple Mobile Device Service                 
mDNSResponder.exe              672 Bonjour Service                             
svchost.exe                   1408 DiagTrack                                   
DTLService.exe                2028 DTLService                                  
svchost.exe                   2080 stisvc                                      
TunnelBear.Maintenance.ex     2116 TunnelBearMaintenance                       
Lavasoft.WCAssistant.WinS     2292 WCAssistantService                          
WmiPrvSE.exe                  2656 N/A                                         
NisSrv.exe                    2732 NisSrv                                      
atieclxx.exe                  3056 N/A                                         
sppsvc.exe                    3124 sppsvc                                      
taskhost.exe                  3292 N/A                                         
Wacom_TabletUser.exe          3360 N/A                                         
WacomHost.exe                 3368 N/A                                         
Wacom_Tablet.exe              3464 N/A                                         
Wacom_TouchUser.exe           3484 N/A                                         
dwm.exe                       4048 N/A                                         
explorer.exe                  4056 N/A                                         
RAVCpl64.exe                  2076 N/A                                         
nusb3mon.exe                  1684 N/A                                         
msseces.exe                   3036 N/A                                         
iTunesHelper.exe              3012 N/A                                         
SearchIndexer.exe             3892 WSearch                                     
iPodService.exe               3076 iPod Service                                
WebCompanion.exe              3680 N/A                                         
SpotifyWebHelper.exe          2004 N/A                                         
SSScheduler.exe               4116 N/A                                         
WkSvMgr.exe                   4144 N/A                                         
TWCU.exe                      4164 N/A                                         
EvernoteClipper.exe           4184 N/A                                         
unsecapp.exe                  4556 N/A                                         
AvastUI.exe                   4604 N/A                                         
DriveTheLife.exe              4672 N/A                                         
PresentationFontCache.exe     5452 FontCache3.0.0.0                            
svchost.exe                   5912 FDResPub, SSDPSRV                           
wmpnetwk.exe                  4864 WMPNetworkSvc                               
svchost.exe                   5588 p2pimsvc, p2psvc, PNRPsvc                   
rundll32.exe                  6516 N/A                                         
wuauclt.exe                   5372 N/A                                         
firefox.exe                   5856 N/A                                         
firefox.exe                   6172 N/A                                         
firefox.exe                   6596 N/A                                         
firefox.exe                   3764 N/A                                         
firefox.exe                   5276 N/A                                         
slui.exe                      6900 N/A                                         
taskeng.exe                   6848 N/A                                         
AAM Updates Notifier.exe      6192 N/A                                         
notepad.exe                   5336 N/A                                         
svchost.exe                   6984 swprv                                       
WmiPrvSE.exe                  2200 N/A                                         
audiodg.exe                   6428 N/A                                         
notepad.exe                   1788 N/A                                         
SearchProtocolHost.exe        3952 N/A                                         
SearchFilterHost.exe          6060 N/A                                         
cmd.exe                       5308 N/A                                         
conhost.exe                   3212 N/A                                         
tasklist.exe                  5796 N/A                                         
 


  • 0

#5
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

This is the speecy result


  • 0

#6
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

This is the speecy reslut

Attached Files


  • 0

#7
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (administrator) on WINDOWS7-PC (16-06-2018 21:01:03)
Running from C:\Users\WINDOWS7\Downloads
Loaded Profiles: WINDOWS7 (Available Profiles: WINDOWS7)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\DriveTheLife2012\DTLService.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Spotify Ltd) C:\Users\WINDOWS7\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\DriveTheLife2012\DriveTheLife.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-18] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DriveTheLife2012] => C:\Program Files (x86)\DriveTheLife2012\DriveTheLife.exe [1109888 2012-03-31] (深圳市驱动人生软件技术有限公司)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [Spotify] => C:\Users\WINDOWS7\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-28] (Spotify Ltd)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-06] (Lavasoft)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [BitTorrent] => C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe [1991104 2018-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [Spotify Web Helper] => C:\Users\WINDOWS7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-28] (Spotify Ltd)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {422461e7-d272-11e6-82ce-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {42246216-d272-11e6-82ce-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {4bc607fa-c919-11e7-bfd0-003018ad7743} - V:\MAXON-Start.exe
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {8c5a10ff-d278-11e6-b2cb-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {da78fe56-d26f-11e6-8a06-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-09-21]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-05-20]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\WINDOWS7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-10]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6BD95C13-2E1F-4194-9A44-36664A457EFE}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{BD752DE7-0918-4265-934A-22FE76B2B827}: [NameServer] 4.2.2.1,4.2.2.6
Tcpip\..\Interfaces\{BD752DE7-0918-4265-934A-22FE76B2B827}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D45BCE11-3A83-4A1E-941C-069901900870}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10427__180505__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10427__180505__yaie&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-18] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-18] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: qq6om5z5.default-1510674967152
FF ProfilePath: C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152 [2018-06-16]
FF Homepage: Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152 -> hxxps://id.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10427__180505__yaff
FF NewTab: Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152 -> hxxps://id.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10427__180505__yaff
FF Extension: (Grammarly for Firefox) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-05-18]
FF Extension: (Avira Browser Safety) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-13]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-05-13]
FF Extension: (Avira Password Manager) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-13]
FF Extension: (Avira SafeSearch Plus) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-13]
FF Extension: (Avast SafePrice) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-16]
FF Extension: (Avast Online Security) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-16]
FF Extension: (Video DownloadHelper) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-06-06]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\features\{311ec405-dd84-460b-ae98-c63ee75bd963}\[email protected] [2018-06-09] [Legacy]
FF SearchPlugin: C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR Profile: C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default [2018-06-15]
CHR Extension: (Docs) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-26]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-06-15]
CHR Extension: (YouTube) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Video DownloadHelper) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-15]
CHR Extension: (Search Manager) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2018-06-13]
CHR Extension: (Gmail) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-18] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-18] (AVAST Software)
R2 DTLService; C:\Program Files (x86)\DriveTheLife2012\DTLService.exe [184208 2012-03-29] (深圳市驱动人生软件技术有限公司)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [39296 2017-12-12] ()
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-05-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [742864 2016-03-22] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdiommu; C:\Windows\System32\DRIVERS\amdkiomd.sys [77312 2013-12-07] (Advanced Micro Devices, Inc.)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-18] (AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-05-18] (AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-05-18] (AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-05-18] (AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-05-18] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-18] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-18] (AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-18] (AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-18] (AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-18] (AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-18] (AVAST Software)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 HWCore; C:\Program Files (x86)\DriveTheLife2012\hwcore.sys [29584 2012-03-13] (<company name here>)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [102864 2016-03-03] (Wacom Technology)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
U3 aswbdisk; no ImagePath
R3 cpuz135; \??\C:\Users\WINDOWS7\AppData\Local\Temp\DTL135\DTL135_x64.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\WINDOWS7\Downloads\[DownSub.com] Is gay marriage really about "
2018-06-16 21:01 - 2018-06-16 21:01 - 000025878 _____ C:\Users\WINDOWS7\Downloads\FRST.txt
2018-06-16 21:00 - 2018-06-16 21:01 - 000000000 ____D C:\FRST
2018-06-16 21:00 - 2018-06-16 21:00 - 002413056 _____ (Farbar) C:\Users\WINDOWS7\Downloads\FRST64.exe
2018-06-16 20:52 - 2018-06-16 20:53 - 000333054 _____ C:\Users\WINDOWS7\Desktop\Speecy.txt
2018-06-16 20:51 - 2018-06-16 20:51 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-16 20:51 - 2018-06-16 20:51 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-06-16 20:51 - 2018-06-16 20:51 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-16 20:51 - 2018-06-16 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-16 20:51 - 2018-06-16 20:51 - 000000000 ____D C:\Program Files\CCleaner
2018-06-16 20:50 - 2018-06-16 20:50 - 006889184 _____ (Piriform Ltd) C:\Users\WINDOWS7\Downloads\spsetup132.exe
2018-06-16 20:50 - 2018-06-16 20:50 - 000000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-06-16 20:50 - 2018-06-16 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-06-16 20:50 - 2018-06-16 20:50 - 000000000 ____D C:\Program Files\Speccy
2018-06-16 20:49 - 2018-06-16 20:49 - 000007616 _____ C:\junk.txt
2018-06-16 20:46 - 2018-06-16 20:46 - 000010102 _____ C:\Users\WINDOWS7\Desktop\Process Explorer.TXT
2018-06-16 20:35 - 2018-06-16 20:35 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\WINDOWS7\Downloads\procexp.exe
2018-06-14 06:26 - 2018-05-18 02:09 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-06-14 06:20 - 2018-06-14 06:20 - 000365509 _____ C:\unp30671725384346723i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000364979 _____ C:\unp30671725387778729i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000363678 _____ C:\unp30671725383566721i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000363067 _____ C:\unp30671725391210735i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000361907 _____ C:\unp30671725386842727i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000361817 _____ C:\unp30671725381694718i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000361713 _____ C:\unp30671725382630720i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360649 _____ C:\unp30671725386062726i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360625 _____ C:\unp30671725380914717i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360618 _____ C:\unp30671725385126724i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360435 _____ C:\unp30671725379978715i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360355 _____ C:\unp30671725389494732i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000359619 _____ C:\unp30671725378262712i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000359376 _____ C:\unp30671725390430733i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000358009 _____ C:\unp30671725388714730i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000356893 _____ C:\unp30671725379198714i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000341615 _____ C:\unp30671725371398700i-manual.mdmp
2018-06-14 06:16 - 2018-06-14 06:16 - 000276088 _____ C:\Windows\Minidump\061418-17300-01.dmp
2018-06-14 04:12 - 2018-06-14 04:17 - 065369756 _____ C:\Users\WINDOWS7\Downloads\t-shirt White by 3mad art.psd
2018-06-14 04:12 - 2018-06-14 04:16 - 058863940 _____ C:\Users\WINDOWS7\Downloads\t-shirt Denimblue by 3mad art.psd
2018-06-14 04:12 - 2018-06-14 04:16 - 058815014 _____ C:\Users\WINDOWS7\Downloads\t-shirt red by 3mad art.psd
2018-06-14 03:41 - 2018-06-14 03:41 - 000022371 _____ C:\Users\WINDOWS7\Downloads\YikesTypefaceFree.zip
2018-06-14 01:54 - 2018-06-14 01:55 - 097999997 _____ C:\Users\WINDOWS7\Downloads\Creating Patterns On Clothing in Photoshop.mp4
2018-06-14 01:40 - 2018-06-14 01:41 - 102856184 _____ C:\Users\WINDOWS7\Downloads\How to Create a Packaging Design Mockup in Photoshop.mp4
2018-06-14 01:27 - 2018-06-14 01:27 - 023149318 _____ C:\Users\WINDOWS7\Downloads\How to Design Mockup in Photoshop Adobe Photoshop Tutorial.mp4
2018-06-13 04:13 - 2018-06-13 04:13 - 000276144 _____ C:\Windows\Minidump\061318-15506-01.dmp
2018-06-13 04:03 - 2018-06-13 04:03 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Avira
2018-06-13 03:55 - 2018-06-13 03:55 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Avira Operations Gmbh & Co. KG
2018-06-13 03:55 - 2018-06-13 03:55 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG
2018-06-13 03:47 - 2018-06-13 19:13 - 000000000 ____D C:\Program Files (x86)\Avira
2018-06-13 03:47 - 2018-06-13 04:04 - 000000000 ____D C:\ProgramData\Avira
2018-06-12 02:54 - 2018-06-12 02:57 - 383295164 _____ C:\Users\WINDOWS7\Downloads\The Rise of AI.mp4
2018-06-11 03:23 - 2018-06-11 03:23 - 000276088 _____ C:\Windows\Minidump\061118-17238-01.dmp
2018-06-11 02:21 - 2018-06-11 02:29 - 1015817850 _____ C:\Users\WINDOWS7\Downloads\Learn SEO! Free SEO Training Course Created In December 2017.mp4
2018-06-10 05:55 - 2018-06-10 05:59 - 534069562 _____ C:\Users\WINDOWS7\Downloads\The Authenticity Code Philip Mckernan.mp4
2018-06-10 05:36 - 2018-06-10 05:39 - 527808532 _____ C:\Users\WINDOWS7\Downloads\Transformational Communication What Masters Know About Conne.mp4
2018-06-10 04:44 - 2018-06-10 04:46 - 202968505 _____ C:\Users\WINDOWS7\Downloads\How to Connect with Powerful and Influential People.mp4
2018-06-07 00:06 - 2018-06-07 00:18 - 205171429 _____ C:\Users\WINDOWS7\Downloads\Marcus Samuelsson, Restaurant Marketing & Trends in Food #As.mp4
2018-06-06 23:37 - 2018-06-06 23:42 - 122439894 _____ C:\Users\WINDOWS7\Downloads\Consumer Behavior on the Internet with Sean Duffy.mp4
2018-06-05 22:49 - 2018-06-05 22:50 - 012058461 _____ C:\Users\WINDOWS7\Downloads\2D ANIMATED SHORT FILM - DIPTYQUE - BEST SELLERS by Parallel Studio.mp4
2018-06-05 22:35 - 2018-06-05 22:37 - 016559215 _____ C:\Users\WINDOWS7\Downloads\SIAMÉS - The Wolf [Official Video].mp4
2018-06-05 22:22 - 2018-06-05 22:23 - 012339128 _____ C:\Users\WINDOWS7\Downloads\videoplayba3ck.mp4
2018-06-05 22:15 - 2018-06-05 22:18 - 030374936 _____ C:\Users\WINDOWS7\Downloads\RASPUTIN - Vladimir Putin - Love The Way You Move (Funk Overload) @slocband.mp4
2018-06-05 22:12 - 2018-06-05 22:24 - 023043833 _____ C:\Users\WINDOWS7\Downloads\Caravan Palace - Lone Digger.mp4
2018-06-05 22:08 - 2018-06-05 22:11 - 036614324 _____ C:\Users\WINDOWS7\Downloads\LORN - ANVIL [Official Music Video].mp4
2018-06-05 22:07 - 2018-06-05 22:10 - 022697488 _____ C:\Users\WINDOWS7\Downloads\CONCORDE - Sons.mp4
2018-06-05 22:04 - 2018-06-05 22:06 - 023404109 _____ C:\Users\WINDOWS7\Downloads\Stuck In the Sound - Let's Go [Official Video].mp4
2018-06-05 04:37 - 2018-06-05 04:37 - 014002824 _____ C:\Users\WINDOWS7\Downloads\What voice search means for the future of digital marketing.mp4
2018-06-05 03:58 - 2018-06-05 04:00 - 164172478 _____ C:\Users\WINDOWS7\Downloads\What's The One Thing Rich People Buy That Poor People Don't .mp4
2018-06-05 03:20 - 2018-06-05 03:26 - 441585637 _____ C:\Users\WINDOWS7\Downloads\95% of You Will Ignore This 2018 Marketing Strategy Business.mp4
2018-06-05 02:54 - 2018-06-05 02:57 - 253622963 _____ C:\Users\WINDOWS7\Downloads\Online Marketing Rockstars Gary Vaynerchuk Keynote Hamburg 2.mp4
2018-06-05 02:21 - 2018-06-05 02:21 - 037654143 _____ C:\Users\WINDOWS7\Downloads\Jeff Bezos's Top 10 Rules For Success (@JeffBezos).mp4
2018-06-04 23:59 - 2018-06-04 23:59 - 068353943 _____ C:\Users\WINDOWS7\Downloads\eCommerce Marketing Strategies - 12 Killer Tips.mp4
2018-06-04 23:12 - 2018-06-04 23:14 - 314797262 _____ C:\Users\WINDOWS7\Downloads\Jack Ma's Life Advice LEARN FROM YOUR MISTAKES (MUST WATCH).mp4
2018-06-04 22:36 - 2018-06-04 22:38 - 175963062 _____ C:\Users\WINDOWS7\Downloads\JACK MA’S TIPS – HOW TO GROW A SMALL BUSINESS (Jack Ma 2017).mp4
2018-06-04 21:50 - 2018-06-04 21:50 - 067928882 _____ C:\Users\WINDOWS7\Downloads\Jack Ma - How to Make a Small Business Successful.mp4
2018-06-04 04:56 - 2018-06-04 04:56 - 006618142 _____ C:\Users\WINDOWS7\Downloads\334.mp4.mp4
2018-06-03 01:53 - 2018-06-03 01:54 - 084918456 _____ C:\Users\WINDOWS7\Downloads\TOP 5 DEFENDING SKILLS HOW TO DEFEND IN FOOTBALL.mp4
2018-05-29 03:31 - 2018-05-29 03:31 - 013900018 _____ C:\Users\WINDOWS7\Downloads\How to Straighten and Color Correct Architectural Photograph.mp4
2018-05-29 02:23 - 2018-05-29 02:28 - 047561506 _____ C:\Users\WINDOWS7\Downloads\Cup Mockup with Hand.zip
2018-05-29 02:23 - 2018-05-29 02:27 - 025033399 _____ C:\Users\WINDOWS7\Downloads\Paper Bag PSD Mockup.zip
2018-05-29 02:23 - 2018-05-29 02:26 - 024468280 _____ C:\Users\WINDOWS7\Downloads\Billboard Mockup.zip
2018-05-29 02:21 - 2018-05-29 02:27 - 078986799 _____ C:\Users\WINDOWS7\Downloads\tshirt-mockup-psd.zip
2018-05-29 02:21 - 2018-05-29 02:27 - 044240894 _____ C:\Users\WINDOWS7\Downloads\flag-mockup.zip
2018-05-29 02:21 - 2018-05-29 02:24 - 046046348 _____ C:\Users\WINDOWS7\Downloads\6-marble-textures.zip
2018-05-29 02:21 - 2018-05-29 02:22 - 001969270 _____ C:\Users\WINDOWS7\Downloads\hanging_business_card_mockup.zip
2018-05-29 02:20 - 2018-05-29 02:26 - 035053564 _____ C:\Users\WINDOWS7\Downloads\shop-sign-mockup.zip
2018-05-29 02:20 - 2018-05-29 02:21 - 012955641 _____ C:\Users\WINDOWS7\Downloads\paper-cup-mockup.zip
2018-05-28 21:39 - 2018-05-28 22:52 - 000000000 ____D C:\Users\WINDOWS7\Downloads\VSCO.FILM.01-06-LIGHTROOM-ILLEGAL_FTP
2018-05-28 10:38 - 2018-05-28 10:39 - 000212790 _____ C:\Windows\ntbtlog.txt
2018-05-28 04:00 - 2018-05-28 04:00 - 078045779 _____ C:\Users\WINDOWS7\Downloads\Composition and Cropping Quick Trick for Food Photography - .mp4
2018-05-28 03:28 - 2018-05-28 03:28 - 047778105 _____ C:\Users\WINDOWS7\Downloads\Lightroom Basics for Food Photography - how I edit photos - .mp4
2018-05-28 03:20 - 2018-05-28 03:20 - 050916573 _____ C:\Users\WINDOWS7\Downloads\Lightroom Classic CC Rocks Food Photography - YouTube.mp4
2018-05-28 02:14 - 2018-05-28 02:14 - 000006733 _____ C:\Users\WINDOWS7\Downloads\Mokusei-Konten(1).xlsx
2018-05-28 02:13 - 2018-05-28 02:14 - 046289515 _____ C:\Users\WINDOWS7\Downloads\A YouTube Employee Shares Tips for Getting Discovered.mp4
2018-05-27 19:14 - 2018-05-27 19:17 - 415052727 _____ C:\Users\WINDOWS7\Downloads\Compositional techniques for Graphic Designers - LIVE stream.mp4
2018-05-27 19:06 - 2018-05-27 19:07 - 031632772 _____ C:\Users\WINDOWS7\Downloads\How To Create Custom Type Designs in Adobe Illustrator - You.mp4
2018-05-27 18:38 - 2018-05-27 18:40 - 023095969 _____ C:\Users\WINDOWS7\Downloads\3 Lightroom Hacks for Food Photography - That's Sage.mp4
2018-05-27 02:56 - 2018-05-27 02:56 - 000276144 _____ C:\Windows\Minidump\052718-18049-01.dmp
2018-05-26 02:38 - 2018-05-26 02:41 - 372406790 _____ C:\Users\WINDOWS7\Downloads\How To Make Your First $100,000 Online With Dan Lok - YouTub.mp4
2018-05-24 18:34 - 2018-05-24 18:34 - 000579968 _____ C:\Users\WINDOWS7\Downloads\BSS Deck - Content.pdf
2018-05-24 02:32 - 2018-05-24 02:32 - 025379970 _____ C:\Users\WINDOWS7\Downloads\Habis Galau Terbitlah Move On - J. Sumardianta.pdf
2018-05-21 22:31 - 2018-05-21 22:31 - 000006733 _____ C:\Users\WINDOWS7\Downloads\Mokusei-Konten.xlsx
2018-05-21 04:37 - 2018-05-21 04:38 - 000595112 _____ C:\Users\WINDOWS7\Downloads\Bennett+the+Bengal.skp
2018-05-18 02:16 - 2018-06-15 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-05-18 02:16 - 2018-06-14 06:27 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-05-18 02:10 - 2018-06-15 20:57 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-05-18 02:10 - 2018-06-14 06:27 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-18 02:10 - 2018-05-18 02:09 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7313cd3a6318203a.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2bb5198fffbf1e96.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw85b8accca6c2e1db.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3a7844fbe1b6d8cf.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\asw59c34738c2e8d436.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\asw22501129328a1aaf.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9c92f9da610caf43.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw704b31daf17eebad.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa40c094a43b262bb.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1a66fa6031e80e16.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw  2fa9a42d74bded.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswee45c25eaefb22ed.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe759c81b81dcbf48.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswccb03d6a8578486c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswab2078ee8d15712b.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcff095db1e985e8c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw39d21f1654d519c2.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswde3af1a91d4810b6.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa9c53004aaecf8e9.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\asw919b808491b2773d.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\asw d5346639070fc0c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdab38123e37efa0f.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw31e6702dc0117ceb.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcbfda7385250999c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw84ede645199614ab.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw52f6ead88bfac051.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw149bf59a16a6aa78.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswde5a8f0fbe82f05b.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw757f564ca5a21445.tmp
2018-05-18 02:09 - 2018-06-15 20:57 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-18 02:08 - 2018-05-18 02:08 - 000000857 _____ C:\Users\WINDOWS7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-05-18 01:52 - 2018-05-18 01:52 - 006825999 _____ C:\Users\WINDOWS7\Downloads\Mister_Credentials_2018_A.pdf
2018-05-18 01:49 - 2018-05-18 01:49 - 014648085 _____ C:\Users\WINDOWS7\Downloads\Why Some Designers Are More Valuable Than Others - YouTube.mp4
2018-05-18 01:40 - 2018-05-18 01:40 - 026781121 _____ C:\Users\WINDOWS7\Downloads\Photoshop Tutorials - Glitch Animation - YouTube.mp4
2018-05-18 01:34 - 2018-05-18 01:35 - 017266467 _____ C:\Users\WINDOWS7\Downloads\How to create Neon Tubes Sign in Illustrator Adobe Illustrat.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 20:48 - 2016-05-20 17:47 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-16 20:41 - 2016-05-20 21:07 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Adobe
2018-06-16 20:39 - 2017-03-02 00:44 - 000000000 ____D C:\Program Files\Opera
2018-06-16 20:32 - 2016-11-25 01:15 - 000000000 ____D C:\Users\WINDOWS7\AppData\LocalLow\Mozilla
2018-06-16 20:28 - 2018-05-06 01:48 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\BitTorrent
2018-06-16 20:28 - 2016-07-01 00:25 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Spotify
2018-06-16 20:28 - 2016-05-20 21:02 - 000000000 ____D C:\Program Files (x86)\DriveTheLife2012
2018-06-16 20:27 - 2016-07-01 00:22 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\Spotify
2018-06-16 20:25 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-15 20:57 - 2018-05-06 04:03 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Lavasoft
2018-06-15 20:57 - 2017-09-26 01:25 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-06-15 20:57 - 2017-09-21 19:54 - 000000000 ____D C:\ProgramData\ASGVIS
2018-06-15 20:57 - 2017-06-03 05:21 - 000000000 ____D C:\Windows\Minidump
2018-06-15 20:57 - 2016-11-18 04:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-15 20:57 - 2016-05-21 18:22 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-15 20:57 - 2016-05-21 18:22 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-15 20:57 - 2016-05-20 23:05 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\vlc
2018-06-15 20:57 - 2016-05-20 21:07 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\Adobe
2018-06-15 20:57 - 2016-05-20 21:04 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-15 20:57 - 2016-05-20 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\servicing
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\AppCompat
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-15 20:56 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\registration
2018-06-15 20:50 - 2016-05-20 17:26 - 000000000 __RHD C:\MSOCache
2018-06-15 06:09 - 2016-05-20 17:08 - 000000000 ____D C:\Users\WINDOWS7
2018-06-15 05:06 - 2016-05-20 21:42 - 000000034 _____ C:\Users\WINDOWS7\AppData\Roaming\AdobeWLCMCache.dat
2018-06-14 06:20 - 2009-07-14 11:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-14 06:20 - 2009-07-14 11:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-14 06:16 - 2017-06-03 05:21 - 348347763 _____ C:\Windows\MEMORY.DMP
2018-06-13 04:15 - 2016-05-20 17:10 - 000390560 _____ C:\Users\WINDOWS7\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-09 05:02 - 2018-03-13 23:48 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-09 05:02 - 2016-05-21 18:23 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-09 05:02 - 2016-05-21 18:23 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-09 05:02 - 2016-05-21 18:23 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-24 09:22 - 2009-07-14 11:45 - 012480432 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-19 04:14 - 2016-05-20 17:47 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-19 04:14 - 2016-05-20 17:47 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 05:25 - 2017-09-16 23:54 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-18 03:32 - 2009-07-14 12:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-17 05:56 - 2016-06-19 18:35 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-17 05:55 - 2017-03-22 23:31 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-01-04 04:21 - 2017-12-28 01:18 - 000000132 _____ () C:\Users\WINDOWS7\AppData\Roaming\Adobe PNG Format CC Prefs
2016-05-20 21:42 - 2018-06-15 05:06 - 000000034 _____ () C:\Users\WINDOWS7\AppData\Roaming\AdobeWLCMCache.dat
2018-04-24 00:41 - 2018-04-24 02:02 - 000001456 _____ () C:\Users\WINDOWS7\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
2018-05-06 04:02 - 2018-05-06 04:02 - 000066192 _____ (AVAST Software) C:\Users\WINDOWS7\AppData\Local\Temp\ocgj5vxd.zpt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-11 05:35

==================== End of FRST.txt ============================


Edited by alisonmunandar, 16 June 2018 - 08:07 AM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,814 posts
  • MVP

CPU
            AMD A8-6600K    78 °C
          

 

If this is accurate (which it often isn't) your CPU is boiling over.  Either the fan is not working or the interface between the heatsink and the fan is clogged with dust or Speccy is wrong.  Let's get a second opinion:

 

Run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 


  • 0

#9
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802

Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1478

Start Time: 01d4029cd429b104

Termination Time: 5

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743

Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.

Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on ‎6/‎15/‎2018 was unexpected.

Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: Current

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: 0.0.0.0

Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================

Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS

\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#10
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802

Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1478

Start Time: 01d4029cd429b104

Termination Time: 5

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743

Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.

Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on ‎6/‎15/‎2018 was unexpected.

Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: Current

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: 0.0.0.0

Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================

Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS

\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements


#11
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802

Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1478

Start Time: 01d4029cd429b104

Termination Time: 5

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743

Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.

Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on ‎6/‎15/‎2018 was unexpected.

Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: Current

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: 0.0.0.0

Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================

Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS

\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,814 posts
  • MVP

CPU
            AMD A8-6600K    78 °C
          

 

If this is accurate (which it often isn't) your CPU is boiling over.  Either the fan is not working or the interface between the heatsink and the fan is clogged with dust or Speccy is wrong.  Let's get a second opinion:

 

Run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 


  • 0

#13
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802

Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1478

Start Time: 01d4029cd429b104

Termination Time: 5

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743

Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.

Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on ‎6/‎15/‎2018 was unexpected.

Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: Current

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: 0.0.0.0

Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================

Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS

\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#14
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Addition

Attached Files


  • 0

#15
alisonmunandar

alisonmunandar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Here's the speedfan result. Fa1.png (Youtube, Internet) Fan2.png(Without program running)

Attached Thumbnails

  • Fan1.png
  • Fan2.png

  • 0






Similar Topics


Also tagged with one or more of these keywords: Windows7

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP