Computer not going to sleep manually started off the investigation as to why it didn't do so when requested.
Ran SFC /scannow with no issues found.
Ran Malwarebytes and SuperAntiSpyware with no (major) issues found.
Ran Sophos Virus Removal Tool and later RogueKiller which detected some sort of infection, but when trying to clean the infection, my computer immediately crashed to blue screen and then restarted! This happened several times.
The issue might be due to -> [Proc.Injected] tcphost.exe(3864) -- C:\Program Files (x86)\TCP Host\tcphost.exe[-] as reported by RogueKiller.
Ran FRST64 with the following resulting texts (slightly edited) -
FRST.txt -
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by Administrator (administrator) on MINE-PC (25-08-2018 15:33:10)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas X 2017 GIS\acdIDInTouch2.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ITSamples.com) C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter.exe
(Edward Leigh) C:\Program Files (x86)\Bookmark Buddy Unicode\BmkBuddy.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\TCP Host\tcphost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CVPWU7EN] => C:\Program Files\ACD Systems\Canvas X 2017 GIS\AcdIDInTouch2.exe [2154952 2016-12-22] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TCP Host] => C:\Program Files (x86)\TCP Host\tcphost.exe [324220 2017-11-25] ()
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1695224 2017-12-17] ()
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1757768 2018-07-17] (Vivaldi Technologies AS)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-03] (SUPERAntiSpyware)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3961968 2018-07-10] (Tonec Inc.)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter.exe [3081672 2015-10-26] (www.dennisbabkin.com)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Policies\Explorer: []
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\MountPoints2: {2680c64c-c1ac-11e6-b6ef-806e6f6e6963} - L:\setup.exe
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\MountPoints2: {96061495-54fd-11e5-a44c-bc5ff447e4a8} - G:\Setup.exe
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\MountPoints2: {a40fae50-86d2-11e6-b8a5-806e6f6e6963} - F:\setup.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk [2016-06-30]
ShortcutTarget: Bookmark Buddy Unicode.lnk -> C:\Program Files (x86)\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{9DC76A0B-479B-4181-8D75-58A9AD1C880C}: [NameServer] 203.97.78.43 203.97.78.44
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> C:\Program Files\Shareaza\RazaWebHook64.dll [2017-09-18] (Shareaza Development Team)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> C:\Program Files\Shareaza\RazaWebHook32.dll [2017-09-18] (Shareaza Development Team)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-10-20] ()
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-10-20] ()
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
FireFox:
========
FF DefaultProfile: 1pnuhl2s.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2ql4nh26.default-1488080334964 [2018-08-12]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2ql4nh26.default-1488080334964\Extensions\[email protected] [2017-11-03] [Legacy]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\1pnuhl2s.default [2018-08-12]
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\1pnuhl2s.default -> type", 0
FF Extension: (WebToPDF) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\1pnuhl2s.default\Extensions\[email protected] [2017-09-03] [Legacy]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\sr3mc2ja.default [2017-12-18]
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\K-Meleon\sr3mc2ja.default\user.js [2006-04-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-10-09] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-12-04] [Legacy] [not signed]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-06-26]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-07-22] [Legacy] [not signed]
FF HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-06-07] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-06-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2017-10-21] (Nitro Software, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-10-09]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-11]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-10-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-11]
Opera:
=======
OPR Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\faehphipoljdginnjklhakadmiaehgod [2015-09-08]
StartMenuInternet: (HKLM) OperaStable - C:\\Launcher.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-07-16] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas X 2017 GIS\CVShellSrv.exe [392648 2016-12-22] (Canvas X Software, Inc.)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-10-29] (Foxit Software Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-29] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2017-06-20] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2017-06-20] (Windows ® Win 7 DDK provider)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-05-08] (REALiX)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [22416 2018-01-11] (IObit.com)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-08-25] (Malwarebytes)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-10-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-10-01] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2017-03-24] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-25] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-25 15:33 - 2018-08-25 15:33 - 000022732 _____ C:\Users\Administrator\Desktop\FRST.txt
2018-08-25 15:03 - 2018-08-25 15:03 - 000279720 _____ C:\Windows\Minidump\082518-16005-01.dmp
2018-08-25 15:02 - 2018-08-25 15:02 - 000009294 _____ C:\Users\Administrator\Desktop\Roguekiller.txt
2018-08-25 14:16 - 2018-08-25 15:04 - 000002706 _____ C:\Windows\System32\Tasks\TCP Host Task
2018-08-25 14:14 - 2018-08-25 14:14 - 000007306 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2018-08-25 14:01 - 2018-08-25 14:15 - 000004706 _____ C:\Users\Administrator\Documents\fixlist.txt
2018-08-25 11:11 - 2018-08-25 11:11 - 000279720 _____ C:\Windows\Minidump\082518-14679-01.dmp
2018-08-25 11:01 - 2018-08-25 11:02 - 000000000 ____D C:\AdwCleaner
2018-08-25 10:23 - 2018-08-25 01:55 - 007417040 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.2.2.exe
2018-08-25 10:21 - 2018-08-25 10:21 - 000279720 _____ C:\Windows\Minidump\082518-15210-01.dmp
2018-08-25 00:32 - 2018-08-25 14:16 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-25 00:31 - 2018-08-25 00:31 - 027105848 _____ (Adlice Software) C:\Users\Administrator\Desktop\RogueKiller_portable64.exe
2018-08-25 00:31 - 2018-08-25 00:31 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-24 23:13 - 2018-08-25 00:31 - 027105848 _____ (Adlice Software) C:\Users\Administrator\Downloads\RogueKiller_portable64.exe
2018-08-24 15:55 - 2018-08-24 15:55 - 000052242 _____ C:\Users\Administrator\Desktop\Addition_orig.txt
2018-08-24 15:55 - 2018-08-24 15:55 - 000035563 _____ C:\Users\Administrator\Desktop\FRST_orig.txt
2018-08-24 15:54 - 2018-08-25 15:33 - 000000000 ____D C:\FRST
2018-08-24 15:54 - 2018-08-24 15:54 - 002413056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2018-08-23 17:12 - 2018-08-23 17:13 - 000143834 _____ C:\TDSSKiller.2.8.16.0_23.08.2018_17.12.49_log.txt
2018-08-23 17:12 - 2018-08-23 17:12 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2018-08-20 17:11 - 2018-08-25 15:04 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-20 14:44 - 2018-08-20 14:44 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-08-20 14:44 - 2018-08-20 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-08-20 14:44 - 2018-08-20 14:44 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-08-19 23:30 - 2018-08-19 23:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2018-08-19 23:29 - 2018-08-19 23:32 - 000002030 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-19 23:29 - 2018-08-19 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-19 23:29 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-08-18 16:56 - 2018-08-18 16:56 - 000279720 _____ C:\Windows\Minidump\081818-25147-01.dmp
2018-08-18 16:19 - 2018-08-18 16:19 - 000279720 _____ C:\Windows\Minidump\081818-18174-01.dmp
2018-08-18 13:18 - 2018-08-18 16:55 - 000000000 ____D C:\ProgramData\Sophos
2018-08-15 20:08 - 2018-08-15 20:08 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2018-08-15 16:16 - 2018-08-15 16:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2018-08-15 16:15 - 2018-08-15 16:15 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-08-15 16:15 - 2018-08-15 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-08-15 16:15 - 2018-08-15 16:15 - 000000000 ____D C:\Program Files (x86)\AMD
2018-08-15 16:14 - 2018-08-15 16:14 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-08-15 16:13 - 2018-08-15 16:14 - 000000000 ____D C:\Program Files\AMD
2018-08-15 16:13 - 2018-08-15 16:13 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-15 16:13 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2018-08-15 16:13 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-08-15 16:13 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2018-08-15 16:13 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-08-12 20:41 - 2018-08-12 20:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ioloGovernor
2018-08-12 20:40 - 2018-08-12 20:40 - 000000000 ____D C:\Program Files\Common Files\iolo
2018-08-12 20:39 - 2018-08-12 20:39 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-08-11 20:56 - 2018-08-11 20:56 - 000001818 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-08-11 20:56 - 2018-08-11 20:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-08-06 15:38 - 2018-08-15 16:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\GlarySoft
2018-08-06 15:38 - 2018-08-15 16:20 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2018-08-06 15:35 - 2018-08-25 14:24 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-08-06 15:35 - 2018-08-06 15:37 - 000000985 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-06 15:35 - 2018-08-06 15:35 - 000002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-08-06 15:35 - 2018-08-06 15:35 - 000000000 ____D C:\Program Files\CCleaner
2018-07-29 19:02 - 2018-07-29 19:02 - 000000934 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-07-29 19:02 - 2018-07-29 19:02 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-07-29 19:01 - 2018-07-29 19:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-28 16:15 - 2018-07-28 17:25 - 000004282 _____ C:\Users\Administrator\Documents\iSDT_C4_Thoughts.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-25 15:11 - 2009-07-14 16:45 - 000031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-25 15:11 - 2009-07-14 16:45 - 000031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-25 15:08 - 2009-07-14 17:13 - 000795886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-25 15:08 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2018-08-25 15:03 - 2015-08-25 16:33 - 000000000 ____D C:\Windows\Minidump
2018-08-25 15:03 - 2015-07-16 21:19 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2018-08-25 15:03 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-25 14:31 - 2017-12-03 09:39 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Nitro
2018-08-25 14:15 - 2018-07-22 21:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2018-08-25 14:15 - 2017-11-25 10:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\A2D0E596-2568-412C-A990-7D4AFB3342BF
2018-08-25 14:15 - 2017-08-11 13:36 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-08-25 14:15 - 2015-08-05 14:04 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-08-25 14:15 - 2015-07-16 21:26 - 000061088 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2018-08-25 14:15 - 2015-07-16 21:26 - 000061088 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2018-08-25 14:15 - 2015-07-16 21:26 - 000000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2018-08-25 14:14 - 2009-07-14 15:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-08-25 11:51 - 2015-07-16 21:19 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2018-08-25 11:13 - 2017-08-14 06:21 - 000000000 ____D C:\ProgramData\ProductData
2018-08-20 20:40 - 2018-03-06 06:24 - 034453544 _____ C:\Windows\ntbtlog.txt
2018-08-20 14:42 - 2015-12-22 13:46 - 000007603 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2018-08-19 23:29 - 2015-08-24 16:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-16 21:46 - 2015-12-07 23:22 - 000000000 ____D C:\Windows\pss
2018-08-15 16:20 - 2017-10-23 16:47 - 000000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2018-08-15 16:20 - 2015-07-16 21:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-15 16:17 - 2015-08-23 12:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-08-12 20:50 - 2017-10-05 21:26 - 000000000 ____D C:\Windows\amlog
2018-08-12 20:50 - 2015-07-17 17:01 - 000000000 ____D C:\Windows\Panther
2018-08-12 20:48 - 2017-09-12 12:38 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-08-12 20:47 - 2015-10-11 22:08 - 000000000 ____D C:\ProgramData\Temp
2018-08-12 20:38 - 2015-08-19 15:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2018-07-29 19:02 - 2015-07-19 16:36 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-07-27 17:57 - 2017-10-02 18:26 - 000000895 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2018-07-27 17:57 - 2017-10-02 18:25 - 000000000 ____D C:\Program Files\Pale Moon
==================== Files in the root of some directories =======
2015-05-12 22:55 - 2015-05-12 22:55 - 000237568 _____ () C:\Users\Zcm\zcmx64.exe
2015-05-14 10:26 - 2015-05-14 10:26 - 000196608 _____ () C:\Users\Zcm\zcmx86.exe
2016-08-14 14:30 - 2016-08-14 14:30 - 000007833 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.cat
2016-08-14 14:30 - 2016-08-14 14:30 - 000001126 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.inf
2016-08-14 14:30 - 2016-08-14 14:30 - 000000125 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.ini
2016-08-14 14:31 - 2016-08-14 14:31 - 000000074 _____ () C:\Users\Administrator\AppData\Roaming\ezplay.log
2016-08-14 14:30 - 2016-08-14 14:30 - 000118400 _____ (VSO Software) C:\Users\Administrator\AppData\Roaming\ezplay.sys
2015-08-26 13:27 - 2017-08-12 17:01 - 000099384 _____ () C:\Users\Administrator\AppData\Roaming\inst.exe
2015-07-26 01:24 - 2016-10-21 20:55 - 000000639 _____ () C:\Users\Administrator\AppData\Roaming\pacemaker.ini
2015-07-26 01:24 - 2015-07-26 01:24 - 000000010 _____ () C:\Users\Administrator\AppData\Roaming\pacemaker_songparams.txt
2015-08-26 13:27 - 2017-08-12 17:01 - 000007859 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.cat
2015-08-26 13:27 - 2017-08-12 17:01 - 000001167 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.inf
2015-08-26 13:27 - 2017-08-12 17:01 - 000000055 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.log
2015-08-26 13:27 - 2017-08-12 17:01 - 000082816 _____ (VSO Software) C:\Users\Administrator\AppData\Roaming\pcouffin.sys
2015-09-27 13:40 - 2016-09-06 19:23 - 000013312 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-19 20:22 - 2015-09-19 20:22 - 000000101 _____ () C:\Users\Administrator\AppData\Local\fusioncache.dat
2018-03-25 00:55 - 2018-03-25 00:55 - 000000876 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-12-22 13:46 - 2018-08-20 14:42 - 000007603 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-08-05 00:26 - 2016-08-05 00:26 - 000000077 _____ () C:\Users\Administrator\AppData\Local\smplayerhdpi.ini
2015-11-07 11:55 - 2015-11-07 12:13 - 843913989 _____ () C:\Users\Administrator\AppData\Local\Tempacad_2014_32_64_stored.pcf
2017-08-15 20:58 - 2017-08-15 20:58 - 062684292 _____ () C:\Users\Administrator\AppData\Local\Temp_pdf.pdf
2012-09-10 23:49 - 2012-09-10 23:49 - 000001050 ____H () C:\Users\Administrator\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
Some files in TEMP:
====================
2018-08-25 00:31 - 2015-06-29 23:49 - 001727904 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 12:29
==================== End of FRST.txt ============================
Addition.txt -
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Administrator (25-08-2018 15:33:31)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-16 09:11:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1382256656-1906833549-2697462634-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1382256656-1906833549-2697462634-1002 - Limited - Enabled)
Guest (S-1-5-21-1382256656-1906833549-2697462634-501 - Limited - Disabled)
Mine (S-1-5-21-1382256656-1906833549-2697462634-1000 - Administrator - Enabled) => C:\Users\Mine
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov)
AC-3 ACM Codec 2.2 (HKLM-x32\...\AC3ACM) (Version: 2.2 - fccHandler)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AIDA64 Extreme v5.95 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.95 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Pro Edition 6.3 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blue Cat's Stereo Flanger VST 2.62 (HKLM-x32\...\{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}) (Version: 2.62 - Blue Cat Audio)
Bookmark Buddy Unicode (HKLM-x32\...\Bookmark Buddy Unicode) (Version: - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas X 2017 GIS (HKLM\...\{BD079D7D-1489-4952-876C-BC6898C76BA4}) (Version: 17.0.160 - Canvas X Software Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FILEminimizer Suite (HKLM-x32\...\FILEminimizer Suite_is1) (Version: - balesio AG)
Foxit PhantomPDF (HKLM-x32\...\{37B1C18A-BD42-11E7-AE41-000C296BF29B}) (Version: 9.0.0.29935 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
FreeArc 0.67 alpha (HKLM-x32\...\FreeArc) (Version: 0.67 alpha - Bulat Ziganshin)
FxSound Enhancer (HKLM-x32\...\DFX) (Version: 13.018 - FxSound)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.8 - Outertech)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated)
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HL-3150CDN (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HWiNFO64 Version 5.74 (HKLM\...\HWiNFO64_is1) (Version: 5.74 - Martin Malík - REALiX)
ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.4.0.8 - IObit)
IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.1.0.48 - Corel Corporation) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MediaInfo 0.7.88 (HKLM\...\MediaInfo) (Version: 0.7.88 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
MPC-BE x64 1.5.0.2235 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Nitro Pro (HKLM\...\{7DA78E32-D129-46AB-84A6-FF9AE03969B7}) (Version: 11.0.7.411 - Nitro)
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PaceMaker plug-in for Winamp (HKLM-x32\...\PaceMaker plug-in) (Version: 2.6 - PaceMaker plug-inc.)
Pale Moon (x64 en-US) (HKLM\...\Pale Moon (x64 en-US)) (Version: 27.9.4 - Moonchild Productions)
PowerArchiver 2018 (HKLM\...\PowerArchiver_is1) (Version: 18.00.53 - ConeXware, Inc.)
PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version: - )
RedistSysFiles (HKLM-x32\...\{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}) (Version: 8.1.0 - ) Hidden
Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
Soldier of Fortune Gold (HKLM-x32\...\Soldier of Fortune Gold) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-1382256656-1906833549-2697462634-500\...\Vivaldi) (Version: 1.15.1147.55 - Vivaldi)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-02] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2017-10-21] (Nitro Software, Inc.)
ContextMenuHandlers1: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2018-05-16] (ConeXware, Inc.)
ContextMenuHandlers1: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT64.DLL [2018-05-16] (ConeXware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-02] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-02] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2018-05-16] (ConeXware, Inc.)
ContextMenuHandlers6: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT64.DLL [2018-05-16] (ConeXware, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0764B4D5-54A1-4694-B76D-5EB607F78AA2} - System32\Tasks\TCP Host Task => C:\Program Files (x86)\TCP Host\tcphost.exe [2017-11-25] () <==== ATTENTION
Task: {12A0C6A1-200B-471A-8725-87EEC01350C4} - System32\Tasks\{D1A5EB22-5B77-4B01-AF66-789DA9D5CB40} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {1E904CB0-000E-487B-AF48-60A9B0928D86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {28EE65A9-95F3-4CE9-9B3F-2CF035310A99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {2EE8A209-DF86-472E-A487-EDA9C84F71BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {31CA2B13-E209-468E-A8CC-A8CB48735F11} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {38A67970-1E63-4081-B024-92026D3AB3C0} - System32\Tasks\{EF297CA0-08AF-4D1F-B502-0CBDFC649EEE} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {3CB3AC89-F130-4849-8C6B-E077BCE5F8BF} - System32\Tasks\{C657E89E-41CE-46A5-968F-0E192C5DEBA6} => C:\PNGoo\PNGoo.exe [2009-07-06] ()
Task: {4FF507DE-D88F-4961-9033-E63518B5E12B} - System32\Tasks\{A0C0F15A-5CFC-442E-9512-BA794E0E5E39} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {5D4C0C8A-B682-45F3-8E92-FA7805583199} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {6CAB63B2-E329-4688-82BB-A77590B5FA11} - System32\Tasks\{C6437A59-0933-44C4-BAC9-44D74D97F6CB} => D:\Multimedia_Players_Editors\Quicktime\QuickTime Pro v7.7.4.80.86\Keygen\Keygen.exe [2012-05-16] (Apple, Inc.)
Task: {78C7B6CA-1FD1-4DBF-92FB-120D17DE5E1A} - System32\Tasks\{D36EB26B-5346-468B-ACD4-586A4605B656} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {8B86C35E-8402-43B9-A16E-12DE7938E1E1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8D7C33BF-F676-4F98-8E34-F229A18A9585} - System32\Tasks\{488CF1C6-7E51-47AD-86D1-6E114EE79AFB} => C:\kmquake2\kmquake2.exe
Task: {9397E759-B31D-470A-BC9D-E280A7D68252} - System32\Tasks\{0590DAE7-4817-4FBE-B9E3-C401ECEE6CF7} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {97C7A462-0336-4A3D-8803-070642A11FCD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.)
Task: {A012571E-C3ED-4E57-A53E-A5026C3F66AF} - System32\Tasks\{8F08D025-5318-48AA-9BAD-A7F3EACE74BD} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {A430C2CF-A535-48AA-BD0B-6E06615DF5C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {B69CA034-9546-4CEE-8DBB-5DFF019D9872} - System32\Tasks\{43F50390-97E2-4956-960F-6B051C40CB7E} => C:\kmquake2\kmquake2.exe
Task: {CB3FB3DF-928B-4EA0-B467-EF8C2E18BE30} - System32\Tasks\{2DD529D7-EDD5-407E-898B-80B96757B84D} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
Task: {CD4E1250-E212-4A84-8FBA-798456F5FCF3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F8E3D08F-42F1-4B33-9BFD-56705246A131} - System32\Tasks\Opera scheduled Autoupdate 1438860155 => C:\launcher.exe
Task: {FDCD138A-9092-41EC-A0BC-42DAC18EC33C} - System32\Tasks\{C3D7AD64-42B2-4CBA-845C-4035916DB6E4} => C:\Quake2\kmquake2.exe [2015-07-02] ( )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-09-05 14:44 - 2015-04-07 14:44 - 000127952 _____ () C:\Program Files (x86)\FILEminimizer Suite\fmshell64.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2015-07-16 21:16 - 2012-03-19 19:09 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-11-25 10:58 - 2017-11-25 10:58 - 000324220 _____ () C:\Program Files (x86)\TCP Host\tcphost.exe
2015-07-16 21:19 - 2012-02-07 17:27 - 000121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2018-08-19 23:29 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-23 22:11 - 2018-07-17 22:59 - 001253448 _____ () C:\Program Files\Vivaldi\Application\1.15.1147.55\ffmpeg.dll
2018-07-23 22:11 - 2018-07-17 23:00 - 004459080 _____ () C:\Program Files\Vivaldi\Application\1.15.1147.55\libglesv2.dll
2018-07-23 22:11 - 2018-07-17 23:00 - 000100424 _____ () C:\Program Files\Vivaldi\Application\1.15.1147.55\libegl.dll
2012-10-01 19:37 - 2012-10-01 19:37 - 006522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-01 01:20 - 2014-03-01 01:20 - 000002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2015-07-26 21:25 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-07-16 21:25 - 2009-03-26 14:46 - 000148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2018-06-12 15:51 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-06-12 15:51 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-06-12 15:51 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-06-12 15:52 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-06-12 15:51 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-06-12 15:51 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2015-07-16 21:19 - 2012-02-07 17:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\SysWOW64\UDAAIM64.exe:BDU [1]
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Compressed:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Documents:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Music:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Programs:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Video:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [738]
AlternateDataStreams: C:\ProgramData\Temp:072F1F69 [380]
AlternateDataStreams: C:\ProgramData\Temp:12258D63 [207]
AlternateDataStreams: C:\ProgramData\Temp:249F95D0 [430]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:33B04540 [394]
AlternateDataStreams: C:\ProgramData\Temp:4EEC7800 [188]
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6 [394]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [206]
AlternateDataStreams: C:\ProgramData\Temp:77B64C59 [192]
AlternateDataStreams: C:\ProgramData\Temp:7C412B92 [185]
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639 [188]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [193]
AlternateDataStreams: C:\ProgramData\Temp:8FAE08A5 [229]
AlternateDataStreams: C:\ProgramData\Temp:91FE43FF [204]
AlternateDataStreams: C:\ProgramData\Temp:91FFEC32 [416]
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB [147]
AlternateDataStreams: C:\ProgramData\Temp:98982C88 [192]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [173]
AlternateDataStreams: C:\ProgramData\Temp:A819A132 [213]
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7 [390]
AlternateDataStreams: C:\ProgramData\Temp:AD7183FA [203]
AlternateDataStreams: C:\ProgramData\Temp:C0A9D0E7 [184]
AlternateDataStreams: C:\ProgramData\Temp:C7684F3C [209]
AlternateDataStreams: C:\ProgramData\Temp:D47B19A6 [394]
AlternateDataStreams: C:\ProgramData\Temp:E51234A9 [366]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [202]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 14:34 - 2017-12-18 16:34 - 000001364 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1382256656-1906833549-2697462634-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0580B12F-5A4C-431C-B0FC-CE7745B6134C}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{1661205B-27F1-4AF6-8AED-4EFB8322C450}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B0FB1281-E9F0-4B87-BC74-33DAA6CD96DB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{88F44DB1-1862-40F0-8F92-8415341762CC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{359EBE35-79CF-466A-BD1C-CAC8199CC308}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{60721D96-25B1-4BCD-8C9A-8AD34FB7F73B}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E5B7F114-C935-4723-AAB9-C4C7ADAF5E96}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{39713F01-97CC-4C4C-B011-BD72851BE358}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8D12B4EF-0A94-44AB-A8C8-FB064DC065F0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: ezplay device ...
Description: ezplay device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/25/2018 03:12:48 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-09-04T03:39:47Z. Error Code: 0x80070490.
Error: (08/25/2018 03:06:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D2576348-8C8A-4592-8F31-B28B0CDB2623}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
Error: (08/25/2018 03:04:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/25/2018 03:04:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/25/2018 03:04:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/25/2018 02:16:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/25/2018 02:16:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/25/2018 01:02:57 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={DCE2B86C-4886-4268-8B3A-D9A0B275A6AD}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 678.
System errors:
=============
Error: (08/25/2018 03:04:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStorV
msahci
Error: (08/25/2018 03:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (08/25/2018 03:03:43 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800ba24730, 0xfffffa800ba24a10, 0xfffff80002f76940). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082518-16005-01.
Error: (08/25/2018 03:03:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:01:51 p.m. on 25/08/2018 was unexpected.
Error: (08/25/2018 02:15:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStorV
msahci
Error: (08/25/2018 02:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (08/25/2018 02:15:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
Error: (08/25/2018 02:15:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2018-08-25 15:04:14.271
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 15:04:14.255
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 14:15:52.762
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 14:15:52.752
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 11:12:19.973
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 11:12:19.957
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 10:21:57.029
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-25 10:21:57.014
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8076.14 MB
Available physical RAM: 5989.86 MB
Total Virtual: 16150.47 MB
Available Virtual: 13916.02 MB
==================== Drives ================================
Drive c: (W 7_64 bit) (Fixed) (Total:119.84 GB) (Free:7.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data_1) (Fixed) (Total:310 GB) (Free:45.41 GB) NTFS
Drive e: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:16.53 GB) NTFS
Drive i: (W XP) (Fixed) (Total:97.76 GB) (Free:74.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (Data_2) (Fixed) (Total:353.01 GB) (Free:202.16 GB) NTFS
Drive k: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Any ideas?
Thanks!