
Suspected Infection?



#1
brispuss


Computer not going to sleep manually started off the investigation as to why it didn't do so when requested.

Ran SFC /scannow with no issues found.

Ran Malwarebytes and SuperAntiSpyware with no (major) issues found.

Ran Sophos Virus Removal Tool and later RogueKiller which detected some sort of infection, but when trying to clean the infection, my computer immediately crashed to blue screen and then restarted! This happened several times.

The issue might be due to -> [Proc.Injected] tcphost.exe(3864) -- C:\Program Files (x86)\TCP Host\tcphost.exe[-] as reported by RogueKiller.

Ran FRST64 with the following resulting texts (slightly edited) -

FRST.txt -


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018

Ran by Administrator (administrator) on MINE-PC (25-08-2018 15:33:10)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas X 2017 GIS\acdIDInTouch2.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ITSamples.com) C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter.exe
(Edward Leigh) C:\Program Files (x86)\Bookmark Buddy Unicode\BmkBuddy.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\TCP Host\tcphost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CVPWU7EN] => C:\Program Files\ACD Systems\Canvas X 2017 GIS\AcdIDInTouch2.exe [2154952 2016-12-22] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TCP Host] => C:\Program Files (x86)\TCP Host\tcphost.exe [324220 2017-11-25] ()
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1695224 2017-12-17] ()
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1757768 2018-07-17] (Vivaldi Technologies AS)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-03] (SUPERAntiSpyware)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3961968 2018-07-10] (Tonec Inc.)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter.exe [3081672 2015-10-26] (www.dennisbabkin.com)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Policies\Explorer: [] 
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\MountPoints2: {2680c64c-c1ac-11e6-b6ef-806e6f6e6963} - L:\setup.exe
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\MountPoints2: {96061495-54fd-11e5-a44c-bc5ff447e4a8} - G:\Setup.exe
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\MountPoints2: {a40fae50-86d2-11e6-b8a5-806e6f6e6963} - F:\setup.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk [2016-06-30]
ShortcutTarget: Bookmark Buddy Unicode.lnk -> C:\Program Files (x86)\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{9DC76A0B-479B-4181-8D75-58A9AD1C880C}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> C:\Program Files\Shareaza\RazaWebHook64.dll [2017-09-18] (Shareaza Development Team)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> C:\Program Files\Shareaza\RazaWebHook32.dll [2017-09-18] (Shareaza Development Team)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-10-20] ()
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-10-20] ()
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
 
FireFox:
========
FF DefaultProfile: 1pnuhl2s.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2ql4nh26.default-1488080334964 [2018-08-12]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2ql4nh26.default-1488080334964\Extensions\[email protected] [2017-11-03] [Legacy]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\1pnuhl2s.default [2018-08-12]
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\1pnuhl2s.default -> type", 0
FF Extension: (WebToPDF) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\1pnuhl2s.default\Extensions\[email protected] [2017-09-03] [Legacy]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\sr3mc2ja.default [2017-12-18]
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\K-Meleon\sr3mc2ja.default\user.js [2006-04-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-10-09] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-12-04] [Legacy] [not signed]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-06-26]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-07-22] [Legacy] [not signed]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-06-07] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-06-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2017-10-21] (Nitro Software, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-10-09]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-11]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-10-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-11]
 
Opera: 
=======
OPR Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\faehphipoljdginnjklhakadmiaehgod [2015-09-08]
StartMenuInternet: (HKLM) OperaStable - C:\\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-07-16] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas X 2017 GIS\CVShellSrv.exe [392648 2016-12-22] (Canvas X Software, Inc.)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-10-29] (Foxit Software Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2017-06-20] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2017-06-20] (Windows ® Win 7 DDK provider)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-05-08] (REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [22416 2018-01-11] (IObit.com)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-08-25] (Malwarebytes)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-10-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-10-01] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2017-03-24] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-25] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-25 15:33 - 2018-08-25 15:33 - 000022732 _____ C:\Users\Administrator\Desktop\FRST.txt
2018-08-25 15:03 - 2018-08-25 15:03 - 000279720 _____ C:\Windows\Minidump\082518-16005-01.dmp
2018-08-25 15:02 - 2018-08-25 15:02 - 000009294 _____ C:\Users\Administrator\Desktop\Roguekiller.txt
2018-08-25 14:16 - 2018-08-25 15:04 - 000002706 _____ C:\Windows\System32\Tasks\TCP Host Task
2018-08-25 14:14 - 2018-08-25 14:14 - 000007306 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2018-08-25 14:01 - 2018-08-25 14:15 - 000004706 _____ C:\Users\Administrator\Documents\fixlist.txt
2018-08-25 11:11 - 2018-08-25 11:11 - 000279720 _____ C:\Windows\Minidump\082518-14679-01.dmp
2018-08-25 11:01 - 2018-08-25 11:02 - 000000000 ____D C:\AdwCleaner
2018-08-25 10:23 - 2018-08-25 01:55 - 007417040 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.2.2.exe
2018-08-25 10:21 - 2018-08-25 10:21 - 000279720 _____ C:\Windows\Minidump\082518-15210-01.dmp
2018-08-25 00:32 - 2018-08-25 14:16 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-25 00:31 - 2018-08-25 00:31 - 027105848 _____ (Adlice Software) C:\Users\Administrator\Desktop\RogueKiller_portable64.exe
2018-08-25 00:31 - 2018-08-25 00:31 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-24 23:13 - 2018-08-25 00:31 - 027105848 _____ (Adlice Software) C:\Users\Administrator\Downloads\RogueKiller_portable64.exe
2018-08-24 15:55 - 2018-08-24 15:55 - 000052242 _____ C:\Users\Administrator\Desktop\Addition_orig.txt
2018-08-24 15:55 - 2018-08-24 15:55 - 000035563 _____ C:\Users\Administrator\Desktop\FRST_orig.txt
2018-08-24 15:54 - 2018-08-25 15:33 - 000000000 ____D C:\FRST
2018-08-24 15:54 - 2018-08-24 15:54 - 002413056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2018-08-23 17:12 - 2018-08-23 17:13 - 000143834 _____ C:\TDSSKiller.2.8.16.0_23.08.2018_17.12.49_log.txt
2018-08-23 17:12 - 2018-08-23 17:12 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2018-08-20 17:11 - 2018-08-25 15:04 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-20 14:44 - 2018-08-20 14:44 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-08-20 14:44 - 2018-08-20 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-08-20 14:44 - 2018-08-20 14:44 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-08-19 23:30 - 2018-08-19 23:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2018-08-19 23:29 - 2018-08-19 23:32 - 000002030 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-19 23:29 - 2018-08-19 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-19 23:29 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-08-18 16:56 - 2018-08-18 16:56 - 000279720 _____ C:\Windows\Minidump\081818-25147-01.dmp
2018-08-18 16:19 - 2018-08-18 16:19 - 000279720 _____ C:\Windows\Minidump\081818-18174-01.dmp
2018-08-18 13:18 - 2018-08-18 16:55 - 000000000 ____D C:\ProgramData\Sophos
2018-08-15 20:08 - 2018-08-15 20:08 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2018-08-15 16:16 - 2018-08-15 16:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2018-08-15 16:15 - 2018-08-15 16:15 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-08-15 16:15 - 2018-08-15 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-08-15 16:15 - 2018-08-15 16:15 - 000000000 ____D C:\Program Files (x86)\AMD
2018-08-15 16:14 - 2018-08-15 16:14 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-08-15 16:13 - 2018-08-15 16:14 - 000000000 ____D C:\Program Files\AMD
2018-08-15 16:13 - 2018-08-15 16:13 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-15 16:13 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2018-08-15 16:13 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-08-15 16:13 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2018-08-15 16:13 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-08-12 20:41 - 2018-08-12 20:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ioloGovernor
2018-08-12 20:40 - 2018-08-12 20:40 - 000000000 ____D C:\Program Files\Common Files\iolo
2018-08-12 20:39 - 2018-08-12 20:39 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-08-11 20:56 - 2018-08-11 20:56 - 000001818 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-08-06 15:38 - 2018-08-15 16:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\GlarySoft
2018-08-06 15:38 - 2018-08-15 16:20 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2018-08-06 15:35 - 2018-08-25 14:24 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-08-06 15:35 - 2018-08-06 15:37 - 000000985 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-06 15:35 - 2018-08-06 15:35 - 000002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-08-06 15:35 - 2018-08-06 15:35 - 000000000 ____D C:\Program Files\CCleaner
2018-07-29 19:02 - 2018-07-29 19:02 - 000000934 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-07-29 19:02 - 2018-07-29 19:02 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-07-29 19:01 - 2018-07-29 19:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-28 16:15 - 2018-07-28 17:25 - 000004282 _____ C:\Users\Administrator\Documents\iSDT_C4_Thoughts.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-25 15:11 - 2009-07-14 16:45 - 000031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-25 15:11 - 2009-07-14 16:45 - 000031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-25 15:08 - 2009-07-14 17:13 - 000795886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-25 15:08 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2018-08-25 15:03 - 2015-08-25 16:33 - 000000000 ____D C:\Windows\Minidump
2018-08-25 15:03 - 2015-07-16 21:19 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2018-08-25 15:03 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-25 14:31 - 2017-12-03 09:39 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Nitro
2018-08-25 14:15 - 2018-07-22 21:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2018-08-25 14:15 - 2017-11-25 10:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\A2D0E596-2568-412C-A990-7D4AFB3342BF
2018-08-25 14:15 - 2017-08-11 13:36 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-08-25 14:15 - 2015-08-05 14:04 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-08-25 14:15 - 2015-07-16 21:26 - 000061088 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2018-08-25 14:15 - 2015-07-16 21:26 - 000061088 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2018-08-25 14:15 - 2015-07-16 21:26 - 000000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2018-08-25 14:14 - 2009-07-14 15:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-08-25 11:51 - 2015-07-16 21:19 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2018-08-25 11:13 - 2017-08-14 06:21 - 000000000 ____D C:\ProgramData\ProductData
2018-08-20 20:40 - 2018-03-06 06:24 - 034453544 _____ C:\Windows\ntbtlog.txt
2018-08-20 14:42 - 2015-12-22 13:46 - 000007603 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2018-08-19 23:29 - 2015-08-24 16:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-16 21:46 - 2015-12-07 23:22 - 000000000 ____D C:\Windows\pss
2018-08-15 16:20 - 2017-10-23 16:47 - 000000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2018-08-15 16:20 - 2015-07-16 21:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-15 16:17 - 2015-08-23 12:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-08-12 20:50 - 2017-10-05 21:26 - 000000000 ____D C:\Windows\amlog
2018-08-12 20:50 - 2015-07-17 17:01 - 000000000 ____D C:\Windows\Panther
2018-08-12 20:48 - 2017-09-12 12:38 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-08-12 20:47 - 2015-10-11 22:08 - 000000000 ____D C:\ProgramData\Temp
2018-08-12 20:38 - 2015-08-19 15:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2018-07-29 19:02 - 2015-07-19 16:36 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-07-27 17:57 - 2017-10-02 18:26 - 000000895 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2018-07-27 17:57 - 2017-10-02 18:25 - 000000000 ____D C:\Program Files\Pale Moon
 
==================== Files in the root of some directories =======
 
2015-05-12 22:55 - 2015-05-12 22:55 - 000237568 _____ () C:\Users\Zcm\zcmx64.exe
2015-05-14 10:26 - 2015-05-14 10:26 - 000196608 _____ () C:\Users\Zcm\zcmx86.exe
2016-08-14 14:30 - 2016-08-14 14:30 - 000007833 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.cat
2016-08-14 14:30 - 2016-08-14 14:30 - 000001126 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.inf
2016-08-14 14:30 - 2016-08-14 14:30 - 000000125 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.ini
2016-08-14 14:31 - 2016-08-14 14:31 - 000000074 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.log
2016-08-14 14:30 - 2016-08-14 14:30 - 000118400 _____ (VSO Software) C:\Users\Administrator\AppData\Roaming\ezplay.sys
2015-08-26 13:27 - 2017-08-12 17:01 - 000099384 _____ () C:\Users\Administrator\AppData\Roaming\inst.exe
2015-07-26 01:24 - 2016-10-21 20:55 - 000000639 _____ () C:\Users\Administrator\AppData\Roaming\pacemaker.ini
2015-07-26 01:24 - 2015-07-26 01:24 - 000000010 _____ () C:\Users\Administrator\AppData\Roaming\pacemaker_songparams.txt
2015-08-26 13:27 - 2017-08-12 17:01 - 000007859 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.cat
2015-08-26 13:27 - 2017-08-12 17:01 - 000001167 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.inf
2015-08-26 13:27 - 2017-08-12 17:01 - 000000055 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.log
2015-08-26 13:27 - 2017-08-12 17:01 - 000082816 _____ (VSO Software) C:\Users\Administrator\AppData\Roaming\pcouffin.sys
2015-09-27 13:40 - 2016-09-06 19:23 - 000013312 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-19 20:22 - 2015-09-19 20:22 - 000000101 _____ () C:\Users\Administrator\AppData\Local\fusioncache.dat
2018-03-25 00:55 - 2018-03-25 00:55 - 000000876 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-12-22 13:46 - 2018-08-20 14:42 - 000007603 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-08-05 00:26 - 2016-08-05 00:26 - 000000077 _____ () C:\Users\Administrator\AppData\Local\smplayerhdpi.ini
2015-11-07 11:55 - 2015-11-07 12:13 - 843913989 _____ () C:\Users\Administrator\AppData\Local\Tempacad_2014_32_64_stored.pcf
2017-08-15 20:58 - 2017-08-15 20:58 - 062684292 _____ () C:\Users\Administrator\AppData\Local\Temp_pdf.pdf
2012-09-10 23:49 - 2012-09-10 23:49 - 000001050 ____H () C:\Users\Administrator\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
 
Some files in TEMP:
====================
2018-08-25 00:31 - 2015-06-29 23:49 - 001727904 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-12-30 12:29
 
==================== End of FRST.txt ============================
 
 
Addition.txt -
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Administrator (25-08-2018 15:33:31)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-16 09:11:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1382256656-1906833549-2697462634-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1382256656-1906833549-2697462634-1002 - Limited - Enabled)
Guest (S-1-5-21-1382256656-1906833549-2697462634-501 - Limited - Disabled)
Mine (S-1-5-21-1382256656-1906833549-2697462634-1000 - Administrator - Enabled) => C:\Users\Mine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov)
AC-3 ACM Codec 2.2 (HKLM-x32\...\AC3ACM) (Version: 2.2 - fccHandler)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AIDA64 Extreme v5.95 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.95 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Pro Edition 6.3 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blue Cat's Stereo Flanger VST 2.62 (HKLM-x32\...\{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}) (Version: 2.62 - Blue Cat Audio)
Bookmark Buddy Unicode (HKLM-x32\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas X 2017 GIS (HKLM\...\{BD079D7D-1489-4952-876C-BC6898C76BA4}) (Version: 17.0.160 - Canvas X Software Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FILEminimizer Suite (HKLM-x32\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
Foxit PhantomPDF (HKLM-x32\...\{37B1C18A-BD42-11E7-AE41-000C296BF29B}) (Version: 9.0.0.29935 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
FreeArc 0.67 alpha (HKLM-x32\...\FreeArc) (Version: 0.67 alpha - Bulat Ziganshin)
FxSound Enhancer (HKLM-x32\...\DFX) (Version: 13.018 - FxSound)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.8 - Outertech)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated)
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HL-3150CDN (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HWiNFO64 Version 5.74 (HKLM\...\HWiNFO64_is1) (Version: 5.74 - Martin Malík - REALiX)
ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.4.0.8 - IObit)
IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.1.0.48 - Corel Corporation) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MediaInfo 0.7.88 (HKLM\...\MediaInfo) (Version: 0.7.88 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
MPC-BE x64 1.5.0.2235 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Nitro Pro (HKLM\...\{7DA78E32-D129-46AB-84A6-FF9AE03969B7}) (Version: 11.0.7.411 - Nitro)
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PaceMaker plug-in for Winamp (HKLM-x32\...\PaceMaker plug-in) (Version: 2.6 - PaceMaker plug-inc.)
Pale Moon (x64 en-US) (HKLM\...\Pale Moon (x64 en-US)) (Version: 27.9.4 - Moonchild Productions)
PowerArchiver 2018 (HKLM\...\PowerArchiver_is1) (Version: 18.00.53 - ConeXware, Inc.)
PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version:  - )
RedistSysFiles (HKLM-x32\...\{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}) (Version: 8.1.0 -  ) Hidden
Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
Soldier of Fortune Gold (HKLM-x32\...\Soldier of Fortune Gold) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Vivaldi) (Version: 1.15.1147.55 - Vivaldi)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-02] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2017-10-21] (Nitro Software, Inc.)
ContextMenuHandlers1: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2018-05-16] (ConeXware, Inc.)
ContextMenuHandlers1: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT64.DLL [2018-05-16] (ConeXware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-02] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-02] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2018-05-16] (ConeXware, Inc.)
ContextMenuHandlers6: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT64.DLL [2018-05-16] (ConeXware, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0764B4D5-54A1-4694-B76D-5EB607F78AA2} - System32\Tasks\TCP Host Task => C:\Program Files (x86)\TCP Host\tcphost.exe [2017-11-25] () <==== ATTENTION
Task: {12A0C6A1-200B-471A-8725-87EEC01350C4} - System32\Tasks\{D1A5EB22-5B77-4B01-AF66-789DA9D5CB40} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {1E904CB0-000E-487B-AF48-60A9B0928D86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {28EE65A9-95F3-4CE9-9B3F-2CF035310A99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {2EE8A209-DF86-472E-A487-EDA9C84F71BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {31CA2B13-E209-468E-A8CC-A8CB48735F11} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {38A67970-1E63-4081-B024-92026D3AB3C0} - System32\Tasks\{EF297CA0-08AF-4D1F-B502-0CBDFC649EEE} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {3CB3AC89-F130-4849-8C6B-E077BCE5F8BF} - System32\Tasks\{C657E89E-41CE-46A5-968F-0E192C5DEBA6} => C:\PNGoo\PNGoo.exe [2009-07-06] ()
Task: {4FF507DE-D88F-4961-9033-E63518B5E12B} - System32\Tasks\{A0C0F15A-5CFC-442E-9512-BA794E0E5E39} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {5D4C0C8A-B682-45F3-8E92-FA7805583199} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {6CAB63B2-E329-4688-82BB-A77590B5FA11} - System32\Tasks\{C6437A59-0933-44C4-BAC9-44D74D97F6CB} => D:\Multimedia_Players_Editors\Quicktime\QuickTime Pro v7.7.4.80.86\Keygen\Keygen.exe [2012-05-16] (Apple, Inc.)
Task: {78C7B6CA-1FD1-4DBF-92FB-120D17DE5E1A} - System32\Tasks\{D36EB26B-5346-468B-ACD4-586A4605B656} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {8B86C35E-8402-43B9-A16E-12DE7938E1E1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8D7C33BF-F676-4F98-8E34-F229A18A9585} - System32\Tasks\{488CF1C6-7E51-47AD-86D1-6E114EE79AFB} => C:\kmquake2\kmquake2.exe
Task: {9397E759-B31D-470A-BC9D-E280A7D68252} - System32\Tasks\{0590DAE7-4817-4FBE-B9E3-C401ECEE6CF7} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {97C7A462-0336-4A3D-8803-070642A11FCD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.)
Task: {A012571E-C3ED-4E57-A53E-A5026C3F66AF} - System32\Tasks\{8F08D025-5318-48AA-9BAD-A7F3EACE74BD} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {A430C2CF-A535-48AA-BD0B-6E06615DF5C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {B69CA034-9546-4CEE-8DBB-5DFF019D9872} - System32\Tasks\{43F50390-97E2-4956-960F-6B051C40CB7E} => C:\kmquake2\kmquake2.exe
Task: {CB3FB3DF-928B-4EA0-B467-EF8C2E18BE30} - System32\Tasks\{2DD529D7-EDD5-407E-898B-80B96757B84D} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {CD4E1250-E212-4A84-8FBA-798456F5FCF3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F8E3D08F-42F1-4B33-9BFD-56705246A131} - System32\Tasks\Opera scheduled Autoupdate 1438860155 => C:\launcher.exe
Task: {FDCD138A-9092-41EC-A0BC-42DAC18EC33C} - System32\Tasks\{C3D7AD64-42B2-4CBA-845C-4035916DB6E4} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-05 14:44 - 2015-04-07 14:44 - 000127952 _____ () C:\Program Files (x86)\FILEminimizer Suite\fmshell64.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2015-07-16 21:16 - 2012-03-19 19:09 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-11-25 10:58 - 2017-11-25 10:58 - 000324220 _____ () C:\Program Files (x86)\TCP Host\tcphost.exe
2015-07-16 21:19 - 2012-02-07 17:27 - 000121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2018-08-19 23:29 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-23 22:11 - 2018-07-17 22:59 - 001253448 _____ () C:\Program Files\Vivaldi\Application\1.15.1147.55\ffmpeg.dll
2018-07-23 22:11 - 2018-07-17 23:00 - 004459080 _____ () C:\Program Files\Vivaldi\Application\1.15.1147.55\libglesv2.dll
2018-07-23 22:11 - 2018-07-17 23:00 - 000100424 _____ () C:\Program Files\Vivaldi\Application\1.15.1147.55\libegl.dll
2012-10-01 19:37 - 2012-10-01 19:37 - 006522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-01 01:20 - 2014-03-01 01:20 - 000002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2015-07-26 21:25 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-07-16 21:25 - 2009-03-26 14:46 - 000148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2018-06-12 15:51 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-06-12 15:51 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-06-12 15:51 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-06-12 15:52 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-06-12 15:51 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-06-12 15:51 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2015-07-16 21:19 - 2012-02-07 17:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\UDAAIM64.exe:BDU [1]
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Compressed:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Documents:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Music:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Programs:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Video:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [738]
AlternateDataStreams: C:\ProgramData\Temp:072F1F69 [380]
AlternateDataStreams: C:\ProgramData\Temp:12258D63 [207]
AlternateDataStreams: C:\ProgramData\Temp:249F95D0 [430]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:33B04540 [394]
AlternateDataStreams: C:\ProgramData\Temp:4EEC7800 [188]
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6 [394]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [206]
AlternateDataStreams: C:\ProgramData\Temp:77B64C59 [192]
AlternateDataStreams: C:\ProgramData\Temp:7C412B92 [185]
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639 [188]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [193]
AlternateDataStreams: C:\ProgramData\Temp:8FAE08A5 [229]
AlternateDataStreams: C:\ProgramData\Temp:91FE43FF [204]
AlternateDataStreams: C:\ProgramData\Temp:91FFEC32 [416]
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB [147]
AlternateDataStreams: C:\ProgramData\Temp:98982C88 [192]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [173]
AlternateDataStreams: C:\ProgramData\Temp:A819A132 [213]
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7 [390]
AlternateDataStreams: C:\ProgramData\Temp:AD7183FA [203]
AlternateDataStreams: C:\ProgramData\Temp:C0A9D0E7 [184]
AlternateDataStreams: C:\ProgramData\Temp:C7684F3C [209]
AlternateDataStreams: C:\ProgramData\Temp:D47B19A6 [394]
AlternateDataStreams: C:\ProgramData\Temp:E51234A9 [366]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [202]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:34 - 2017-12-18 16:34 - 000001364 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0580B12F-5A4C-431C-B0FC-CE7745B6134C}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{1661205B-27F1-4AF6-8AED-4EFB8322C450}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B0FB1281-E9F0-4B87-BC74-33DAA6CD96DB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{88F44DB1-1862-40F0-8F92-8415341762CC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{359EBE35-79CF-466A-BD1C-CAC8199CC308}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{60721D96-25B1-4BCD-8C9A-8AD34FB7F73B}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E5B7F114-C935-4723-AAB9-C4C7ADAF5E96}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{39713F01-97CC-4C4C-B011-BD72851BE358}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8D12B4EF-0A94-44AB-A8C8-FB064DC065F0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: ezplay device ...
Description: ezplay device ...
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2018 03:12:48 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-09-04T03:39:47Z. Error Code: 0x80070490.
 
Error: (08/25/2018 03:06:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D2576348-8C8A-4592-8F31-B28B0CDB2623}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (08/25/2018 03:04:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2018 03:04:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2018 03:04:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2018 02:16:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2018 02:16:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2018 01:02:57 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={DCE2B86C-4886-4268-8B3A-D9A0B275A6AD}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 678.
 
 
System errors:
=============
Error: (08/25/2018 03:04:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iaStorV
msahci
 
Error: (08/25/2018 03:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (08/25/2018 03:03:43 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800ba24730, 0xfffffa800ba24a10, 0xfffff80002f76940). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082518-16005-01.
 
Error: (08/25/2018 03:03:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:01:51 p.m. on ‎25/‎08/‎2018 was unexpected.
 
Error: (08/25/2018 02:15:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iaStorV
msahci
 
Error: (08/25/2018 02:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (08/25/2018 02:15:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (08/25/2018 02:15:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2018-08-25 15:04:14.271
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 15:04:14.255
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 14:15:52.762
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 14:15:52.752
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 11:12:19.973
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 11:12:19.957
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 10:21:57.029
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-25 10:21:57.014
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8076.14 MB
Available physical RAM: 5989.86 MB
Total Virtual: 16150.47 MB
Available Virtual: 13916.02 MB
 
==================== Drives ================================
 
Drive c: (W 7_64 bit) (Fixed) (Total:119.84 GB) (Free:7.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data_1) (Fixed) (Total:310 GB) (Free:45.41 GB) NTFS
Drive e: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:16.53 GB) NTFS
Drive i: (W XP) (Fixed) (Total:97.76 GB) (Free:74.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (Data_2) (Fixed) (Total:353.01 GB) (Free:202.16 GB) NTFS
Drive k: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Any ideas?
 
Thanks!

 


  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 21,305 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   4.53KB   22 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#3
brispuss


    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Thank you for taking the time to create the FRST fix script!

 

In the end I couldn't wait any longer for some help with this issue so I deleted the OS partition and reinstalled W7 64 bit. I'm in the process of reinstalling other software as required.

 

So far there have been no (other) issues. But to be certain, I ran FRST64 again with nothing of (obvious) concern reported.


  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 21,305 posts
  • MVP

OK.  Sorry for the delay.  I usually wait a few days to give our newer helpers time to jump in.  This is my standard goodbye which may have some useful info:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.

If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.com instead of the correct value
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/ This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

 

In addition new installs of Win 7 may have slow Windows Updates:

Run the System Update Readiness Tool for Windows 7

This link is for 64 bit:
https://www.microsof...s.aspx?id=20858

This one for 32 bit:
https://www.microsof...ls.aspx?id=3132



Once that runs then get

 KB3083710 and KB3102810 (if you don't already have them)

https://support.micr...n-us/kb/3083710

https://support.micr...n-us/kb/3102810
 


  • 0
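The Firefox check in the post above works because `xn--80ak6aa92e` is the ASCII (Punycode) form of a label made up entirely of Cyrillic letters that look like Latin ones. The Python sketch below is an added example, not part of the original posts: it decodes such labels and flags hostnames that would render like an ASCII name. The lookalike table and every sample hostname other than the one in the post are constructed for illustration.

```python
import unicodedata

# Constructed subset of non-Latin letters that render like ASCII letters.
# This is NOT the full Unicode confusables data; it is just enough to cover
# the test URL from the post and a few common Cyrillic lookalikes.
LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
}


def decode_label(label):
    """Return the Unicode form of one DNS label ('xn--' labels are decoded)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed ACE label: leave it as typed
    return label


def to_unicode(host):
    """What a browser shows when it does NOT display the punycode form."""
    return ".".join(decode_label(part) for part in host.split("."))


def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if ch.isalpha()
    }


def skeleton(label):
    """Replace known lookalike letters with the ASCII letter they resemble."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)


def assess(host):
    """Decode a hostname and report why it might be a homograph, if it is."""
    labels = [decode_label(part) for part in host.split(".")]
    reasons = []
    for lab in labels:
        if lab.isascii():
            continue  # plain ASCII labels cannot be IDN homographs
        if len(scripts(lab)) > 1:
            reasons.append(f"mixed scripts in {lab!r}")
        if skeleton(lab).isascii():
            reasons.append(f"{lab!r} renders like {skeleton(lab)!r}")
    return {
        "displayed": ".".join(labels),
        "lookalike_of": ".".join(skeleton(lab) for lab in labels),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    samples = [
        "www.xn--80ak6aa92e.com",  # the test URL from the post
        "www.apple.com",           # plain ASCII
        "xn--mnchen-3ya.de",       # ordinary IDN with no ASCII lookalike
        "ex\u0430mple.test",       # constructed: one Cyrillic letter among Latin
    ]
    for host in samples:
        result = assess(host)
        print(host, "->", result["displayed"], "|", result["reasons"] or "ok")
```

With `network.IDN_show_punycode` set to True, Firefox shows the `xn--` form in the address bar rather than the decoded label that `to_unicode` returns.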





